Cloudera Docs
»
2.3.4
»
Hadoop Security Guide
Hadoop Security Guide
Also available as:
Contents
1. Hadoop Security Features
2. Setting Up Security for Manual Installs
Preparing Kerberos
Kerberos Overview
Installing and Configuring the KDC
Creating the Database and Setting Up the First Administrator
Creating Service Principals and Keytab Files for HDP
Configuring HDP for Kerberos
Creating Mappings Between Principals and UNIX Usernames
Examples
Adding Security Information to Configuration Files
core-site.xml
HTTP Cookie Persistence
hdfs-site.xml
yarn-site.xml
mapred-site.xml
hbase-site.xml
hive-site.xml
oozie-site.xml
webhcat-site.xml
limits.conf
Configuring Secure HBase and ZooKeeper
Configure HBase Master
Create JAAS configuration files
Start HBase and ZooKeeper services
Configure secure client side access for HBase
Optional: Configure client-side operation for secure operation - Thrift Gateway
Optional: Configure client-side operation for secure operation - REST Gateway
Configure HBase for Access Control Lists (ACL)
Configuring Hue
Setting up One-Way Trust with Active Directory
Configure Kerberos Hadoop Realm on the AD DC
Configure the AD Domain on the KDC and Hadoop Cluster Hosts
Configuring Proxy Users
3. Data Protection: Wire Encryption
Enabling RPC Encryption
Enabling Data Transfer Protocol
Enabling SSL: Understanding the Hadoop SSL Keystore Factory
Creating and Managing SSL Certificates
Obtain a Certificate from a Trusted Third-Party Certification Authority (CA)
Create and Set Up an Internal CA (OpenSSL)
Installing Certificates in the Hadoop SSL Keystore Factory (HDFS, MapReduce, and YARN)
Using a CA-Signed Certificate
Enabling SSL for HDP Components
Enable SSL for WebHDFS, MapReduce Shuffle, and YARN
Enable SSL on Oozie
Configure Oozie HCatalogJob Properties
Enable SSL on the HBase REST Server
Enable SSL on the HBase Web UI
Enable SSL on HiveServer2
Enable SSL for Kafka Clients
Configuring the Kafka Broker
Configuring Kafka Producer and Kafka Consumer
Connecting to SSL-Enabled Components
Connect to SSL Enabled HiveServer2 using JDBC
Connect to SSL Enabled Oozie Server
Use a Self-signed Certificate from Oozie Java Clients
Connect to Oozie from Java Clients
Connect to Oozie from a Web Browser
« Prev
Next »
Preparing Kerberos
This subsection provides information on setting up Kerberos for an HDP installation.
© 2012–2021 by Cloudera, Inc.
Document licensed under the
Creative Commons Attribution ShareAlike 4.0 License
.
Cloudera.com
|
Documentation
|
Support
|
Community