Hadoop HTTP认证配置详解
本文详细介绍了Hadoop中HTTP认证的相关配置参数及其作用。包括认证类型、令牌有效期、签名密钥、Cookie域等设置,并提供了匿名请求允许、Kerberos配置等关键信息。
<!-- HTTP web-consoles Authentication -->
<property> <name>hadoop.http.authentication.type</name> <value>simple</value> <description> Defines authentication used for Oozie HTTP endpoint. Supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME# </description> </property> <property> <name>hadoop.http.authentication.token.validity</name> <value>36000</value> <description> Indicates how long (in seconds) an authentication token is valid before it has to be renewed. </description> </property> <property> <name>hadoop.http.authentication.signature.secret</name> <value>hadoop</value> <description> The signature secret for signing the authentication tokens. If not set a random secret is generated at startup time. The same secret should be used for JT/NN/DN/TT configurations. </description> </property> <property> <name>hadoop.http.authentication.cookie.domain</name> <value></value> <description> The domain to use for the HTTP cookie that stores the authentication token. In order to authentiation to work correctly across all Hadoop nodes web-consoles the domain must be correctly set. IMPORTANT: when using IP addresses, browsers ignore cookies with domain settings. For this setting to work properly all nodes in the cluster must be configured to generate URLs with hostname.domain names on it. </description> </property> <property> <name>hadoop.http.authentication.simple.anonymous.allowed</name> <value>true</value> <description> Indicates if anonymous requests are allowed when using 'simple' authentication. </description> </property> <property> <name>hadoop.http.authentication.kerberos.principal</name> <value>HTTP/localhost@LOCALHOST</value> <description> Indicates the Kerberos principal to be used for HTTP endpoint. The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO specification. </description> </property> <property> <name>hadoop.http.authentication.kerberos.keytab</name> <value>${user.home}/hadoop.keytab</value> <description> Location of the keytab file with the credentials for the principal. Referring to the same keytab file Oozie uses for its Kerberos credentials for Hadoop. </description> </property> <property> <name>fs.permissions.umask-mode</name> <value>022</value> <description> The umask used when creating files and directories. Can be in octal or in symbolic. Examples are: "022" (octal for u=rwx,g=r-x,o=r-x in symbolic), or "u=rwx,g=rwx,o=" (symbolic for 007 in octal). </description> </property>
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
