Kerberos Authentication for Secured HDFS
MarkLogic Server can use Kerberos Secured HDFS as a file system on Linux platforms. MarkLogic Server acts as a client to Kerberos Secured HDFS and should have its own unique identity, so the credentials provided to MarkLogic Server should be different from the Kerberos credentials of other MarkLogic client applications.
MarkLogic Server accesses Kerberos Secured HDFS using the keytab file and principal. To configure Kerberos authentication to Secured HDFS, set the following environment variables in your /etc/marklogic.conf file:
Environment Variable |
Value |
|---|---|
|
Path to the Kerberos client keytab file. |
|
Kerberos Principal to be authenticated. |
Note
When using rolling upgrades, deploy your credential keytab files after the cluster has been fully upgraded to MarkLogic Server 9. Otherwise, the behavior of accessing secure HDFS will be undefined.