Create JAAS configuration files
- Create the following JAAS configuration files on the HBase Master, RegionServer, and HBase client host machines. - These files must be created under the - $HBASE_CONF_DIRdirectory:- where - $HBASE_CONF_DIRis the directory to store the HBase configuration files. For example,- /etc/hbase/conf.- On each machine running an HBase server, create the - hbase-server.jaasfile under the- /etc/hbase/confdirectory. HBase servers include the HMaster and RegionServer. In this file, add the following content:- Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="/etc/security/keytabs/hbase.service.keytab" principal="hbase/- $fully.qualified.domain.name"; };
- On HBase client machines, create the - hbase-client.jaasfile under the- /etc/hbase/confdirectory and add the following content:- Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=false useTicketCache=true; };
 
- Create the following JAAS configuration files on the ZooKeeper Server and client host machines. - These files must be created under the - $ZOOKEEPER_CONF_DIRdirectory, where- $ZOOKEEPER_CONF_DIRis the directory to store the HBase configuration files. For example,- /etc/zookeeper/conf:- On ZooKeeper server host machines, create the - zookeeper-server.jaasfile under the- /etc/zookeeper/confdirectory and add the following content:- Server { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true useTicketCache=false keyTab="/etc/security/keytabs/zookeeper.service.keytab" principal="zookeeper/- $ZooKeeper.Server.hostname"; };
- On ZooKeeper client host machines, create the - zookeeper-client.jaasfile under the- /etc/zookeeper/confdirectory and add the following content:- Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=false useTicketCache=true; };
 
- Edit the - hbase-env.shfile on your HBase server to add the following information:- export HBASE_OPTS ="-Djava.security.auth.login.config= - $HBASE_CONF_DIR/hbase-client.jaas" export HBASE_MASTER_OPTS ="-Djava.security.auth.login.config=- $HBASE_CONF_DIR/hbase-server.jaas" export HBASE_REGIONSERVER_OPTS="-Djava.security.auth.login.config=- $HBASE_CONF_DIR/hbase-server.jaas"- where - HBASE_CONF_DIRis the HBase configuration directory. For example,- /etc/hbase/conf.
- Edit - zoo.cfgfile on your ZooKeeper server to add the following information:- authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider jaasLoginRenew=3600000 kerberos.removeHostFromPrincipal=true kerberos.removeRealmFromPrincipal=true 
- Edit - zookeeper-env.shfile on your ZooKeeper server to add the following information:- export SERVER_JVMFLAGS ="-Djava.security.auth.login.config= - $ZOOKEEPER_CONF_DIR/zookeeper-server.jaas" export CLIENT_JVMFLAGS ="-Djava.security.auth.login.config=- $ZOOKEEPER_CONF_DIR/zookeeper-client.jaas"- where - $ZOOKEEPER_CONF_DIRis the ZooKeeper configuration directory. For example,- /etc/zookeeper/conf.

