Hortonworks Docs
»
Data Platform 3.1.0
»
Configuring Authentication with Kerberos
Configuring Authentication with Kerberos
Also available as:
Configuring Authentication with Kerberos
Kerberos Overview
Kerberos Principals Overview
Enabling SPNEGO Authentication for Hadoop
Set Up Kerberos for Ambari Server
Configure HTTP Authentication for HDFS, YARN, MapReduce2, HBase, Oozie, Falcon, and Storm
Enable Browser Access to a SPNEGO-enabled Web UI
Enabling Kerberos Authentication Using Ambari
Checklist: Installing and Configuring the KDC
Optional: Install a new MIT KDC
Optional: Use an Existing IPA
Install the JCE for Kerberos
Enabling Kerberos Security
Create Mappings Between Principals and UNIX Usernames
Running the Kerberos Security Wizard
Launch the Kerberos Wizard (Automated Setup)
Launch the Kerberos Wizard (Manual Setup)
Update KDC Admin Credentials
Customizing the Attribute Template
Disable Kerberos Security
Configuring HDP Components for Kerberos
Configuring Kafka for Kerberos
Kerberos for Kafka Prerequisites
Configuring the Kafka Broker for Kerberos
Create Kafka Topics
Produce Events or Messages to Kafka on a Secured Cluster
Consume Events or Messages from Kafka on a Secured Cluster
Authorizing Access when Kerberos is Enabled
Appendix: Kerberos Kafka Configuration Options
Server.properties key value pairs
JAAS Configuration File for the Kafka Server
Configuration Setting for the Kafka Producer
JAAS Configuration File for the Kafka Client
Configuring Storm for Kerberos
Kerberos for Storm Prerequisites
Designating a Storm Client Node
Dedicate or Use an Existing Gateway Node
Use an Existing Storm Node
Running Storm Commands
Running Workers as Users
Accessing the Storm UI
Accessing the Storm UI Active Directory Trust Configuration
Kerberos Storm Security Properties
Known Issues with Storm for Kerberos
Securing Apache HBase in a production environment
Installing Apache HBase with Kerberos on an existing HDP cluster
Verify if kerberos is enabled for HBase
Access Kerberos-enabled HBase cluster using a Java client
Download configurations
Set up client account
Create the Java client
Configuring Storm for Kerberos
This section describes how to configure Storm for Kerberos security on an Ambari-managed cluster.
Kerberos for Storm Prerequisites
If you are configuring Storm for Kerberos, your cluster must meet some prerequisites before you can enable Kerberos.
Designating a Storm Client Node
At this point in the configuration process there is no notion of a Storm client node (you won’t be able to select “client” via Ambari). There are two choices when specifying a Storm client node.
Running Workers as Users
In Storm secure mode, workers can run as the user (owner of the topology) who deployed the topology. This topic describes how to enable this.
Accessing the Storm UI
How to access the Storm UI.
Accessing the Storm UI Active Directory Trust Configuration
How to access the Storm UI AD trust configuration.
Kerberos Storm Security Properties
A reference table that lists important Storm security properties.
Known Issues with Storm for Kerberos
Reference of known issues with Storm for Kerberos.
Parent topic:
Configuring HDP Components for Kerberos
© 2012–2019, Hortonworks, Inc.
Document licensed under the
Creative Commons Attribution ShareAlike 4.0 License
.
Hortonworks.com
|
Documentation
|
Support
|
Community