About

Security - (Proxy|N-tier|Impersonation) authentication proxy authentication in Hadoop

See also: Hadoop - Authentication

Articles Related

Use case

A superuser wants to submit job and access hdfs on behalf of a user. The superuser has kerberos credentials but the user doesn’t have any.

Configuration

Example: Hadoop - core-site.xml

<property>
     <name>hadoop.proxyuser.super.hosts</name>
     <value>host1,host2</value>
   </property>
   <property>
     <name>hadoop.proxyuser.super.groups</name>
     <value>group1,group2</value>
</property>

where:

• super is the admin user
• hadoop.proxyuser.super.hosts defines the host where the admin user super can connect to impersonate.
• hadoop.proxyuser.super.groups defines the group that can be impersonated.

Documentation / Reference

• http://hadoop.apache.org/docs/r2.9.0/hadoop-project-dist/hadoop-common/Superusers.html