Sqoop 2 Authentication

This section describes how to configure Sqoop 2 with Kerberos security in a Hadoop cluster.

  1. Create the Sqoop 2 Principal and Keytab File
  2. Configure Sqoop 2 to Use Kerberos

Create the Sqoop 2 Principal and Keytab File

You need to create a sqoop2.keytab file for Sqoop 2. Follow these steps:

  1. Create the principal and keytab file:
    kadmin: addprinc -randkey sqoop2/fully.qualified.domain.name@YOUR-REALM.COM
    kadmin: xst -k sqoop2.keytab sqoop2/fully.qualified.domain.name
  2. Move the file into the Sqoop 2 configuration directory and restrict its access exclusively to the sqoop2 user:
    $ mv sqoop2.keytab /etc/sqoop2/conf/
    $ chown sqoop2 /etc/sqoop2/conf/sqoop2.keytab
    $ chmod 400 /etc/sqoop2/conf/sqoop2.keytab
    For more details on creating Kerberos principals and keytabs, see Step 4: Create and Deploy the Kerberos Principals and Keytab Files.

Configure Sqoop 2 to Use Kerberos

Edit the Sqoop 2 configuration file sqoop.properties file in the /etc/sqoop2/conf directory and add the following properties:

org.apache.sqoop.authentication.type=KERBEROS
org.apache.sqoop.authentication.handler=org.apache.sqoop.security.KerberosAuthenticationHandler
org.apache.sqoop.authentication.kerberos.principal=sqoop2/fully.qualified.domain.name@YOUR-REALM.COM
org.apache.sqoop.authentication.kerberos.keytab=/etc/sqoop2/conf/sqoop2.keytab