How to password protect Hadoop NameNode and JobTracker Web UIs?
Question
我想知道如何用密码保护在端口50030、50070等上运行的Hadoop Web UI。
2 answers
solution1
0 2011-02-20 09:42:37
我认为最好的办法就是关闭防火墙中的端口,并让用户使用SSH隧道进行连接。
solution2
0 2018-11-30 18:53:22
If you are using Hadoop version 2.7.x, below are the configuration,
Configuration The following properties should be in the core-site.xml of all the nodes in the cluster.
hadoop.http.filter.initializers : add to this property the org.apache.hadoop.security.AuthenticationFilterInitializer initializer class.
hadoop.http.authentication.type : Defines authentication used for the HTTP web-consoles. The supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME#. The dfeault value is simple.
hadoop.http.authentication.token.validity : Indicates how long (in seconds) an authentication token is valid before it has to be renewed. The default value is 36000.
hadoop.http.authentication.signature.secret.file : The signature secret file for signing the authentication tokens. The same secret should be used for all nodes in the cluster, JobTracker, NameNode, DataNode and TastTracker. The default value is $user.home/hadoop-http-auth-signature-secret. IMPORTANT: This file should be readable only by the Unix user running the daemons.
hadoop.http.authentication.cookie.domain : The domain to use for the HTTP cookie that stores the authentication token. In order to authentiation to work correctly across all nodes in the cluster the domain must be correctly set. There is no default value, the HTTP cookie will not have a domain working only with the hostname issuing the HTTP cookie.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.