Details
-
Type:
New Feature
-
Status: Resolved
-
Priority:
Major
-
Resolution: Works for Me
-
Affects Version/s: 3.7.0
-
Fix Version/s: None
-
Component/s: app.catalog, app.filebrowser, con.hbase, con.impala, con.oozie, con.spark
-
Labels:
-
Target Version:
Description
Hello Hue-Support,
let me describe the problem and please correct me if I am wrong. Hue can be integrated into a secured with Kerberos cluster. Hue can use sparate Kerberos principals for every service. An example:
oozie.authentication.kerberos.principal HTTP/localhost@LOCALHOST
On the other hand, Hue has its own list of users. What we want is that all activities of a user in Hue(oozie workflows or Hive queries) will be executed with user's Kerberos tickets.
The idea is that we want to restrict a particular Hue user from accessing data of other users. When connecting to HiveServer2 using shell with Kerberos authentication, the URL format is:
jdbc:hive2://<host>:<port>/<db>;principal=<Server_Principal_of_HiveServer2>
The client needs to have a valid Kerberos ticket in the ticket cache before connecting. Is there a way to do the same on a Hue server, which is somewhere on the internet? And to do it secure?
Best regards,
Sergey