1、配置core-site.xml文件
添加如下配置
<property>
<name>hadoop.http.filter.initializers</name>
<value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
</property>
<property>
<name>hadoop.http.authentication.type</name>
<value>simple</value>
</property>
<property>
<name>hadoop.http.authentication.signature.secret.file</name>
<value>/data1/hadoop/hadoop/etc/hadoop/hadoop-http-auth-signature-secret</value>
</property>
<property>
<name>hadoop.http.authentication.simple.anonymous.allowed</name>
<value>false</value>
</property>
<property>
<name>hadoop.http.authentication.token.max-inactive-interval</name>
<value>60</value>
</property>
參數說明:
| 參數 | 說明 | 默認值 |
|---|---|---|
| hadoop.http.filter.initializers | 認證的類 | org.apache.hadoop.security.AuthenticationFilterInitializer |
| hadoop.http.authentication.type | 認證類型,有Kerberos和simple | simple |
| hadoop.http.authentication.signature.secret.file | 授權用戶文件,只有存在於這里面的用戶才能訪問集群 | $user.home/hadoop-http-auth-signature-secret |
| hadoop.http.authentication.simple.anonymous.allowed | 是否允許匿名用戶訪問 | true |
| hadoop.http.authentication.token.max-inactive-interval | 多少秒沒有操作,token將過期 | -1 |
2、重啟集群
3、認證
把要通過訪問的用戶添加到/data1/hadoop/hadoop/etc/hadoop/hadoop-http-auth-signature-secret文件里面
瀏覽器輸入:http://192.168.43.15:9870/?user.name=hadoop就可以進行訪問了。也就是在url的后面加上?user.name=xxx
這里本來想使用Kerberos作為web認證,但是死活認證失敗,web界面不能正常訪問,這里就換成了simple認證,后續在研究一下kerberos認證。不確定是否瀏覽器的這台主機需要有認證主體,才能進行web訪問。
https://blog.csdn.net/IUNIQUE/article/details/108615090 這哥們貌似實在window進行了Kerberos認證,可以進行訪問web
借鑒:
http://hadoop.apache.org/docs/r3.0.0/hadoop-project-dist/hadoop-common/HttpAuthentication.html
http://hadoop.apache.org/docs/stable/hadoop-auth/Examples.html
http://www.voidcn.com/article/p-bromwkhr-bth.html
https://blog.csdn.net/a822631129/article/details/48630093