Sentry Webserver now supports Kerberos Authentication and Authorization. Currently Sentry web server mainly provides metric data, in future, rest api will also use it. Here are the configurations for enable Kerberos Authentication and Authorization for web server.
Sentry Service (sentry-site.xml)
Enable Sentry Web Server
| Config Property | Value | Default | Required |
|---|---|---|---|
| sentry.service.web.enable | true | false | Yes |
| sentry.service.web.port | 51000 | 51000 | No |
Authentication
| Config Property | Value | Default | Required |
|---|---|---|---|
| sentry.service.web.authentication.type | KERBEROS | NONE | Yes |
| sentry.service.web.authentication.kerberos.principal | The principal name(HTTP/$FQDN@REALM) | - | Yes |
| sentry.service.web.authentication.kerberos.keytab | File path of keytab file | - | Yes |
Authorization
| Config Property | Value | Default | Required |
|---|---|---|---|
| sentry.service.web.authentication.allow.connect.users | Comma-separated list of users allowed to connect | sentry | Yes |