This is documentation for MapR Version 5.0. You can also refer to MapR documentation for the latest release.

Skip to end of metadata
Go to start of metadata

If you are using MapR Version 4.0.2 or later and HBase 0.98.7-1501 or later, you can enable user impersonation to access MapR-DB tables via the HBase REST Gateway. This feature is not supported in earlier combinations of MapR and HBase packages.

Impersonation enables access to tables via user IDs other than the user that runs the Gateway. Impersonation is only supported if the REST Gateway is running as the mapr user (MAPR_USER).

You can enable impersonation via the Gateway on both non-secure and secure MapR clusters (secured using either MapR SASL or Kerberos). MapR-DB does not support gateway impersonation using a Thrift interface. See also Configuring HBase to use Kerberos.

Enabling Impersonation on a Non-Secure Cluster

To enable impersonation on a non-secure cluster, follow these steps:

  1. Install the mapr-hbase package on a cluster that is running version 4.0.2 or later. (This package contains all of the HBase binaries. For installation details, see HBase.)
  2. Enable simple authentication via the REST Gateway by appending the following property to the hbase­-site.xml file (/opt/mapr/hbase/hbase­0.98.x/conf/hbase­-site.xml):

    The simple authentication protocol is a Hadoop pseudo authenticator that serves as an example and is part of the hadoop-common package.

  3. Set the following environment variable to enable impersonation:

  4. Start the REST Gateway server as the MAPR_USER.

Enabling Impersonation on a Secure Cluster

To enable impersonation on a secure cluster, follow these steps:

  1. Install the mapr-hbase package on a cluster that is running version 4.0.2 or later. (This package contains all of the HBase binaries. For installation details, see HBase.)
  2. Enable simple authentication via the REST Gateway by appending the following property to the hbase­-site.xml file (/opt/mapr/hbase/hbase­0.98.x/conf/hbase­-site.xml):

    The simple authentication protocol is a Hadoop pseudo authenticator that serves as an example and is part of the hadoop-common package.

  3. Set the following variable in /opt/mapr/conf/env.sh:

  4. Start the REST Gateway server as the MAPR_USER.

Using Custom Authentication

Editing the hbase-site.xml file, as described on this page, is the procedure to follow if you want to use Hadoop pseudo authentication. Alternatively, you can write and use your own authenticator to substitute for the "simple" configuration by implementing the Hadoop AuthenticationHandler interface. If you are using custom authentication, place your authenticator jar in the following directory:

 Then start the REST Gateway.

  • No labels