core-site.xml
Reference material for adding security information to the
         core-site.xml configuration file when setting up Kerberos for non-Ambari
      clusters.
Add the following information to the core-site.xml file on
                        every host in your cluster:
| Property Name | Property Value | Description | 
|---|---|---|
| hadoop.security.authentication | kerberos | Set the authentication type for the cluster. Valid values are: simple or kerberos. | 
| hadoop.rpc.protection | authentication; integrity; privacy | This is an [OPTIONAL] setting. If not set, defaults to authentication. authentication = authentication only; the client and server mutually authenticate during connection setup. integrity = authentication and integrity; guarantees the integrity of data exchanged between client and server as well as authentication. privacy = authentication, integrity, and confidentiality; guarantees that data exchanged between client and server is encrypted and is not readable by a “man in the middle”. | 
| hadoop.security.authorization | true | Enable authorization for different protocols. | 
| hadoop.security.auth_to_local | The mapping rules. For example: 
                         | The mapping from Kerberos principal names to local OS user names. “Create Mappings Between Principals and UNIX Usernames” for more information. | 
Following is the XML for these entries:
<property> 
     <name>hadoop.security.authentication</name> 
     <value>kerberos</value> 
     <description> Set the authentication for the cluster. 
     Valid values are: simple or kerberos.</description> 
</property> 
 
<property> 
     <name>hadoop.security.authorization</name> 
     <value>true</value> 
     <description>Enable authorization for different protocols.</description> 
</property> 
 
<property>
    <name>hadoop.security.auth_to_local</name> 
    <value> 
    RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/mapred/ 
    RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/hdfs/ 
    RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/hbase/ 
    RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/hbase/ 
    DEFAULT
    </value> 
    <description>The mapping from kerberos principal names
    to local OS user names.</description>
</property>When using the Knox Gateway, add the following to the
                        core-site.xml file on the master nodes host in your
                    cluster:
| Property Name | Property Value | Description | 
|---|---|---|
| hadoop.proxyuser.knox.groups | users | Grants proxy privileges for Knox user. | 
| hadoop.proxyuser.knox.hosts | $knox_host_FQDN | Identifies the Knox Gateway host. | 
Following is the XML for Knox settings:
<property> 
     <name>hadoop.security.authentication</name> 
     <value>kerberos</value> 
     <description>Set the authentication for the cluster. 
     Valid values are: simple or kerberos.</description> 
</property> 
 
<property> 
     <name>hadoop.security.authorization</name> 
     <value>true</value> 
     <description>Enable authorization for different protocols. 
     </description> 
</property> 
 
<property>
     <name>hadoop.security.auth_to_local</name> 
     <value> 
     RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/mapred/ 
     RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/hdfs/ 
     RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/hbase/ 
     RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/hbase/ 
     DEFAULT
     </value> 
     <description>The mapping from kerberos principal names
     to local OS user names.</description>
</property>
 
<property>
     <name>hadoop.proxyuser.knox.groups</name>
     <value>users</value>
</property>
