How to secure the Impala Web User Interface using .htpasswd mechanism.

Document created by Hao Zhu Employee on Feb 18, 2016
Version 1Show Document
  • View in full screen mode

Author: Hao Zhu

Original Publication Date: April 2, 2015

 

Env:

Impala 1.4.1

MapR 4.x

MapR 3.x

Goal:

How to secure the Impala Web User Interface using .htpasswd mechanism.

Solution:

1. Install "mongoose" which is to generate the password file.

yum install moogoose

Note that the "htpasswd" tool from "yum install httpd-tools" does not work with this feature.

2. Create password file.

mongoose -A .htpasswd mydomain.com username password

The password is encrypted using MD5 by default:

# cat .htpasswd 
username:mydomain.com:5607796dbeb0459163672335351fe17a

Note: "mydomain.com" is the default domain name of configuration "--webserver_authentication_domain".

If other domain name is used, please make sure the value of "--webserver_authentication_domain" and the domain name option for command "mongoose" are the same.

3. Place password file.

Here are 2 options:

    a. Place the password file under $IMPALA_HOME. (Default Location)

 

For example, $IMPALA_HOME by default is /opt/mapr/impala/impala-1.4.1/.

After that, no need to restart any impala services.

 

    b. Place the password file to other directory.

 

Then change "--webserver_password_file" to that directory for impalad and statestored.

After that, restart impalad and statestored. For example:

maprcli node services -name impalastore -action restart -nodes <node1> 
maprcli node services -name impalaserver -action restart -nodes <node1>

Please replace "<node1>" with the correct host name on which the impala service is running.

4.Verify on Impala Web UI.

http://<IP of Impalad>:25000/

Type the username and password to verify.

 

Attachments

    Outcomes