Hi everyone,
I have problems with HUE and HBASE integration with Kerberos + impersonation. My environment is an Ambari-managed Hortonworks.
I have followed the following URL:
If I use hbase/_
HO...@example.com for the thrift principal then HUE's HBASE view returns an authentication error. Looking at network captures I see that the base64 authentication token send by HUE to the thrift server references HTTP/_HOST instead of hbase/_HOST, which is odd (BTW, there is also a "doAs: hue" header in case is of interest).
If I change the thrift principal to HTTP/_
HO...@example.com then the authentication issue disappears, which is coherent with what the authentication token states...however the Hbase view now gets stuck forever and eventually a "too many retries" kind of error is shown.
Looking at network captures I see the following message in the communication between the thrift server and the Hbase Master (in particular, it is a message returned by the Master):
6org.apache.hadoop.hbase.security.AccessDeniedException.YUser: HTTP/
edge....@example.com is not allowed to impersonate hue(.
The meaning of the messsage is clear, but I do not know how to fix it. I presume that the thrift server should try to impersonate hue while being hbase, achieved by following the procedure above, but as mentioned the standard procedure fails on me.
Can you give me a clue of what could be happening? Many thanks in advance.