Configuring Hue
Before you can configure Hue to work with an HDP cluster that is configured for Kerberos, you must refer to and complete the instructions for Configuring Ambari and Hadoop for Kerberos or Setting Up Kerberos Security for Manual Installs.
To enable Hue to work with an HDP cluster configured for Kerberos, make the following changes to Hue and Kerberos.:
- Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, create a principal for the Hue server: - # kadmin.local kadmin.local: addprinc -randkey hue/$FQDN@EXAMPLE.COM 
- Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, generate a keytab for the Hue principal: - kadmin.local: xst -k hue.service.keytab hue/$FQDN@EXAMPLE.COM 
- Put the - hue.service.keytabfile on the host where the Hue server is installed, in the directory- /etc/security/keytabs.
- Set the permissions and ownership of the - /etc/security/keytabs/hue.service.keytabfile as follows:- chown hue:hadoop /etc/security/keytabs/hue.service.keytab chmod 600 /etc/security/keytabs/hue.service.keytab 
- Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, use kinit to confirm that the - /etc/security/keytabs/hue.service.keytabfile is accessible to Hue:- su - hue kinit -k -t /etc/security/keytabs/hue.service.keytab hue/$FQDN@EXAMPLE.COM 
- Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, add the following to the [kerberos] section in the - /etc/hue/conf/hue.iniconfiguration file:- [[kerberos]] # Path to Hue's Kerberos keytab file hue_keytab=/etc/security/keytabs/hue.service.keytab # Kerberos principal name for Hue hue_principal=hue/$FQDN@EXAMPLE.COM 
- Set the path to kinit, based on the OS. - If you do not know the full path to kinit, you can find it by issuing the command where is kinit. - The following is an example of setting the path to kinit for RHEL/CentOS 6.x: - # Path to kinit # For RHEL/CentOS 6.x, kinit_path is /usr/bin/kinit kinit_path=/usr/kerberos/bin/kinit 
- Optionally, for faster performance, you can keep Kerberos credentials cached: - ccache_path=/tmp/hue_krb5_ccache 
- Edit the - /etc/hue/conf/hue.iniconfiguration file and set set security_enabled=true for every component in the configuration file.
- Save the - /etc/hue/conf/hue.iniconfiguration file.
- Restart Hue: - # /etc/init.d/hue start 
- Validate the Hue installation. - To view the current configuration of your Hue server, select About > Configuration or http://hue.server:8000/dump_config. 
- To ensure that Hue server was configured properly, select About > Check for misconfiguration or http://hue.server:8000/debug/check_config. - If you detect any potential misconfiguration, fix it and restart Hue. 
 

