Configure pass-through authentication in Splunk Web
With pass-through authentication, Splunk Analytics for Hadoopuses its Superuser as a proxy to Hadoop, which lets you interact with Hadoop as though you were the Hadoop user.
You might configure your Superuser as a Hadoop user with the same name as the Splunk Analytics for Hadoop user, or you can configure the Superuser as a user with different name.
To learn more about how pass-through authentication works, see About pass-through authentication.
Configure Hadoop users to allow pass-through authentication
Once you enable pass-through authentication, interactions with Hadoop happen as the Hadoop user acting as a proxy for the Splunk Analytics for Hadoop user who is logged in.
1. Make sure that any Hadoop user you want Splunk Analytics for Hadoop users to act as exists on each Hadoop node. You can manually create them or use LDAP to create them.
2. Ensure your Splunk Analytics for Hadoop Superuser is in the Hadoop Supergroup. You can find the Hadoop supergroup in the
hdfs-site.xml file as
If your Superuser is not in the Supergroup on each Hadoop node, use the following command to add the Superuser to the Supergroup on each node:
sudo usermod -G <group name> <user name>.
3. Create home directories in HDFS for the users in your Hadoop clusters, and ensure that provider's Hadoop home
vix.splunk.home.hdfs in HDFS is readable and executable by all the users added in step 2.
4. Add a stanza to
core-site.xml to allow the Hadoop user (with the same name as the Superuser) to act as a proxy for Hadoop users in designated node user groups:
Note: For best results, we recommend you do this against Kerberized clusters. For more information about using Kerberos, see Configure Kerberos Authentication.
<property> <name>hadoop.proxyuser.<name of your Superuser>.groups</name> <value>group1,group2</value> <description>Allows the Superuser to impersonate any members of the group group1 and group2</description> </property>
5. Optionally limit connections by host:
<property> <name>hadoop.proxyuser.<name of your Superuser>.hosts</name> <value>host1,host2</value> <description>The superuser can connect only from host1 and host2 to impersonate a user</description> </property>
Configure pass-through authentication
Configure pass-through authentication for any user that exists in Splunk Analytics for Hadoop via the Splunk Enterpirse native user functionality or LDAP. You can configure pass-through authentication for one or more users, and for groups of (LDAP) users.
For more information about how pass-through authentication works, see About pass-through authentication.
1. Click Settings > Virtual Indexes.
2. Click the pass-through authentication tab.
3. Select the Provider for which you want to map the user.
4. In the User field, select an existing Splunk Analytics for Hadoop user that you want to map to a Hadoop user.
5. Type the Name of the Hadoop User that you want the Splunk Analytics for Hadoop user to "impersonate".
6. Optionally, select a Queue associated with the Hadoop user you added. If you do not select a queue, the Splunk Analytics for Hadoop user is able to access any queue associated with the Hadoop user.
7. Click Save.
About pass-through authentication
Configure pass-through authentication in the configuration file
This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 8.0.0, 8.0.1, 8.0.2