GeoMesa includes initial support for Accumulo clusters which are authenticated using Kerberos. Currently keytabs
(and not cached TGTs) are supported, apart from initial setup which requires a cached TGT, usually obtained using
Kerberos support is a beta-level feature, and hasn’t been extensively tested with different environments and versions of Accumulo.
Kerberos functionality should be used as follows:
setup_namespace.shshould be called with the
-tflag to use a cached TGT.
geomesa-accumulocommand line tools should be used with the
HADOOP_HOMEare both set.
- Programmatic access via the GeoTools API should specify the
- The GeoServer store should specify the
core-site.xmlis accessible to GeoServer e.g. in the
Note that Kerberos support is only available in Accumulo 1.7.0 or newer.
15.9.1. Development & Testing¶
GeoMesa Kerberos support was developed against Hortonworks Data Platform 2.5 authenticating against an MIT KDC as described here. It has been tested in a limited production environment with Hortonworks Data Platform 2.5 authenticating against a Red Hat Identity Management server.