While implementing a secure HDFS setup with federation, I was reviewing the
NameNode properties which are allowed to be set on a per nameservice basis.
Omitted from those properties were the
dfs.web.authentication.kerberos.principal and
dfs.web.authentication.kerberos.keytab properties.

Is there a technical reason that these are to be common across all
NameNodes or is it just that this hasn't been a requested feature yet? In
our case we're using federation to achieve isolation, so I feel it would
make sense to want to separate the kerberos credentials on a per NameNode
basis for the HTTP server as well.

Kind Regards,


Reply via email to