SPNEGO authentication in HUE
You can set up the SPNEGO authentication for the HUE UI, which allows accessing it securely and remotely. This authentication type is compatible with the LDAP authentication.
To set up the SPNEGO authentication, complete the following steps:
-
Go to the ADCM UI and select the Clusters page.
-
Click the
Action icon in your cluster entry and select Manage Kerberos.
Manage Kerberos action -
In the window that appears, turn on the Existing Active Directory switch.
Existing Active Directory parameter group switch -
Select the Authentication on WEB UIs parameter and set it to
true. -
Specify values for the other parameters in this group according to the Configure Kerberos authentication based on Active Directory via ADCM article.
-
Click Run and wait for the action to complete.
-
Select your cluster, open the HUE service page, and on the Components tab select the HUE Server component.
HUE Server component -
On the Primary configuration tab, open the Authentication on WEB UIs parameter group and set the desktop.kerberos.kerberos_auth parameter to
true.
HUE Server primary configuration -
If necessary, specify the desktop.kerberos.spnego_principal parameter. It defines the default Kerberos principal. If it is left empty, then the principal is obtained from the ticket.
-
Save the configuration by clicking Save → Create and restart the service by clicking Actions → Restart HUE Server.
Before you use the SPNEGO authentication for the HUE UI, make sure that the Kerberos service is installed and set up on your local machine. Also, your browser must be configured to support Kerberos — refer to the SPNEGO authentication article for instructions for Mozilla Firefox and Google Chrome. Run the kinit command before establishing connection.