Sentry Webserver now supports Kerberos Authentication and Authorization. Currently Sentry web server mainly provides metric data, in future, rest api will also use it. Here are the configuration configurations for enable Kerberos Authentication and Authorization for web server.
Sentry Service (sentry-site.xml)
Enable Sentry Web Server
Config Property | Value | Default | Required |
---|---|---|---|
sentry.service.web.enable | true | false | Yes |
sentry.service.web.port | 51000 | 51000 | No |
Authentication
Config Property | Value | Default | Required |
---|---|---|---|
sentry.service.web.authentication.type | KERBEROS | NONE | Yes |
sentry.service.web.authentication.kerberos.principal | The principal name(HTTP/$FQDN@REALM) | - | Yes |
sentry.service.web.authentication.kerberos.keytab | Path to the File path of keytab file | - | Yes |
Authorization
Config Property | Value | Default | Required |
---|---|---|---|
sentry.service.web.authentication.allow.connect.users | Comma-separated list of users allowed to connect | sentry | Yes |