Add the following to the hbase-site.xml file
for every Thrift gateway:
<property>
<name>hbase.thrift.kerberos.principal</name>
<value>$USER/_HOST@HADOOP.LOCALDOMAIN</value>
</property>
<property>
<name>hbase.thrift.keytab.file</name>
<value>/etc/hbase/conf/hbase.keytab</value>
</property>
Substitute the appropriate principal and keytab file respectively.
The Thrift gateway authenticates with HBase using the supplied credentials. No authentication is performed by the Thrift gateway itself. All client access via the Thrift gateway uses the Thrift gateway's credentials and has its privileges.
