Hortonworks Data Platform

Ambari Security Guide

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

2015-07-21

Abstract

The Hortonworks Data Platform, powered by Apache Hadoop, is a massively scalable and 100% open source platform for storing, processing and analyzing large volumes of data. It is designed to deal with data from many sources and formats in a very quick, easy and cost-effective manner. The Hortonworks Data Platform consists of the essential set of Apache Hadoop projects including MapReduce, Hadoop Distributed File System (HDFS), HCatalog, Pig, Hive, HBase, Zookeeper and Ambari. Hortonworks is the major contributor of code and patches to many of these projects. These projects have been integrated and tested as part of the Hortonworks Data Platform release process and installation and configuration tools have also been included.

Unlike other providers of platforms built using Apache Hadoop, Hortonworks contributes 100% of our code back to the Apache Software Foundation. The Hortonworks Data Platform is Apache-licensed and completely open source. We sell only expert technical support, training and partner-enablement services. All of our technology is, and will remain free and open source. Please visit the Hortonworks Data Platform page for more information on Hortonworks technology. For more information on Hortonworks services, please visit either the Support or Training page. Feel free to Contact Us directly to discuss your specific needs.


Contents

1. Ambari Security Guide
2. Configuring Ambari and Hadoop for Kerberos
1. Kerberos Overview
2. Hadoop and Kerberos Principals
3. Installing and Configuring the KDC
3.1. Use an Exisiting MIT KDC
3.2. Use an Existing Active Directory
3.3. Use Manual Kerberos Setup
3.4. (Optional) Install a new MIT KDC
4. Enabling Kerberos Security
4.1. Installing the JCE
4.2. Running the Kerberos Security Wizard
5. Kerberos Client Packages
6. Disabling Kerberos Security
7. Customizing the Attribute Template
3. Advanced Security Options for Ambari
1. Configuring Ambari for LDAP or Active Directory Authentication
1.1. Setting Up LDAP User Authentication
1.2. Configure Ambari to use LDAP Server
1.3. Synchronizing LDAP Users and Groups
1.4. Specific Set of Users and Groups
1.5. Existing Users and Groups
1.6. All Users and Groups
2. Configuring Ambari for Non-Root
2.1. How to Configure Ambari Server for Non-Root
2.2. How to Configure an Ambari Agent for Non-Root
3. Optional: Encrypt Database and LDAP Passwords
3.1. Reset Encryption
3.2. Remove Encryption Entirely
3.3. Change the Current Master Key
4. Optional: Set Up SSL for Ambari
5. Optional: Set Up Kerberos for Ambari Server
6. Set Up Truststore for Ambari Server
7. Optional: Set Up Two-Way SSL Between Ambari Server and Ambari Agents
8. Optional: Configure Ciphers and Protocols for Ambari Server
4. Enabling SPNEGO Authentication for Hadoop
1. Configure Ambari Server for Authenticated HTTP
2. Configuring HTTP Authentication for HDFS, YARN, MapReduce2, HBase, Oozie, Falcon and Storm

loading table of contents...