Enabling Kerberos in Druid

Enabling Kerberos for Druid in Ambari triggers an automatic update of the necessary Kerberos configurations in Druid, ensuring a simple and efficient integration of security measures.

To enable Kerberos in Druid, the following updates are necessary:

  1. Include druid-kerberos in the loaded extensions list found in advanced druid-common under druid.extensions.loadList.

  2. Add the following configurations to custom druid-common. Here are the Kerberos configurations specific to Druid:

druid.auth.authenticatorChain=["kerberos"] druid.auth.authenticator.kerberos.type=kerberos druid.auth.authenticator.kerberos.cookieSignatureSecret=cookie-signature-secret druid.auth.authenticator.kerberos.serverKeytab=/etc/security/keytabs/spnego.service.keytab druid.auth.authenticator.kerberos.serverPrincipal=<Default values added by Amabri HTTP/_HOST@ADSRE.COM > druid.auth.authenticator.kerberos.authToLocal=<This value will be added by ambari by-defaut> druid.hadoop.security.authentication=kerberos druid.hadoop.security.kerberos.keytab=<druid.headless.keytab location> druid.hadoop.security.kerberos.principal=<Druid-kerberos-Principle-name> druid.escalator.type=kerberos druid.escalator.internalClientPrincipal=<Druid-kerberos-Principle-name > druid.escalator.internalClientKeytab=/etc/security/keytabs/druid.headless.keytab druid.escalator.authorizerName=<basic/ldapauth>

Presented below is an illustrative example:

druid.auth.authenticatorChain=["kerberos"] druid.auth.authenticator.kerberos.type=kerberos druid.auth.authenticator.kerberos.cookieSignatureSecret=cookie-signature-secret druid.auth.authenticator.kerberos.serverKeytab=/etc/security/keytabs/spnego.service.keytab druid.auth.authenticator.kerberos.serverPrincipal=HTTP/_HOST@ADSRE.COM druid.auth.authenticator.kerberos.authToLocal=<This value will be added by ambari by-defaut> druid.hadoop.security.authentication=kerberos druid.hadoop.security.kerberos.keytab=/etc/security/keytabs/druid.headless.keytab druid.hadoop.security.kerberos.principal=druid-odp_focal@ADSRE.COM druid.escalator.type=kerberos druid.escalator.internalClientPrincipal=druid-odp_focal@ADSRE.COM druid.escalator.internalClientKeytab=/etc/security/keytabs/druid.headless.keytab druid.escalator.authorizerName=basic


  Last updated