Sentry Webserver now supports Kerberos Authentication and Authorization. Currently Sentry web server mainly provides metric data, in future, rest api will also use it. Here are the configurations for enable Kerberos Authentication and Authorization for web server.
Sentry Service (sentry-site.xml)
Enable Sentry Web Server
Config Property | Value | Default | Required |
---|---|---|---|
sentry.service.web.enable | true | false | Yes |
sentry.service.web.port | 51000 | 51000 | No |
Authentication
Config Property | Value | Default | Required |
---|---|---|---|
sentry.service.web.authentication.type | KERBEROS | NONE | Yes |
sentry.service.web.authentication.kerberos.principal | The principal name | - | Yes |
sentry.service.web.authentication.kerberos.keytab | Path to the keytab file | - | Yes |
Authorization
Config Property | Value | Default | Required |
---|---|---|---|
sentry.service.web.authentication.allow.connect.users | Comma-separated list of users allowed to connect | sentry | Yes |
...