Step 1 — Enabling formed auth security - Teaching Big Data Skills with Amazon EMR

Step 1 — Enabling formed auth security

  1. Navigate to the ZEPPELIN_CONF_DIR path on the EMR master node. The ZEPPELIN_CONF_DIR path will be set to /usr/lib/zeppelin directory.

  2. Go to the conf directory by typing cd conf and open the shiro.ini file for editing (vi or nano editor) by typing the command such as sudo vi shiro.ini

  3. In shiro.ini, comment and un-comment the below settings in the [urls] section. This tells Zeppelin to allow access only to users who authenticate to Zeppelin and not allow any anonymous user access.

Zeppelin is enabled with anonymous access by default. To disable anonymous access, comment out the below configuration setting by adding a # before the setting.

#/* = anon

Then, un-comment the below configuration setting by removing the # from the setting:

/* = authc

Additionally, in the same shiro.ini file, a few settings must be updated to ensure these configuration options are only available to users who are part of admin roles.

/api/interpreter/* = authc, roles[admin] /api/configurations/* = authc, roles[admin] /api/credential/* = authc, roles[admin]
Note

These settings already exist in the shiro.ini file (located at the end of the file). After these updates, the shiro.ini file appear like the following:

[urls] # authentication method and access control filters #/api/version = anon /api/interpreter/* = authc, roles[admin] /api/configurations/* = authc, roles[admin] /api/credential/* = authc, roles[admin] #/* = anon /* = authc
  1. Open shiro.ini file and add users in the [users] section of the file. For example:

[users] Hadoop, password1, admin student01, password2, role