Sqoop 2 Authentication
This section describes how to configure Sqoop 2 with Kerberos security in a Hadoop cluster.
Create the Sqoop 2 Principal and Keytab File
You need to create a sqoop2.keytab file for Sqoop 2. Follow these steps:
- Create the principal and keytab file:
kadmin: addprinc -randkey sqoop2/fully.qualified.domain.name@YOUR-REALM.COM kadmin: xst -k sqoop2.keytab sqoop2/fully.qualified.domain.name
- Move the file into the Sqoop 2 configuration directory and restrict its access exclusively to the sqoop2 user:
$ mv sqoop2.keytab /etc/sqoop2/conf/ $ chown sqoop2 /etc/sqoop2/conf/sqoop2.keytab $ chmod 400 /etc/sqoop2/conf/sqoop2.keytab
For more details on creating Kerberos principals and keytabs, see Step 4: Create and Deploy the Kerberos Principals and Keytab Files.
Configure Sqoop 2 to Use Kerberos
Edit the Sqoop 2 configuration file sqoop.properties file in the /etc/sqoop2/conf directory and add the following properties:
org.apache.sqoop.authentication.type=KERBEROS org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler org.apache.sqoop.authentication.kerberos.principal=sqoop2/fully.qualified.domain.name@YOUR-REALM.COM org.apache.sqoop.authentication.kerberos.keytab=/etc/sqoop2/conf/sqoop2.keytab