Hortonworks Docs
»
Hortonworks Data Platform 3.1.4
»
Security Reference
Security Reference
Also available as:
Non-Ambari Security Overview
Setting Up Kerberos Authentication for Non-Ambari Clusters
Preparing Kerberos
Non-Ambari Kerberos Overview
Install and Configure the KDC (Non-Ambari)
Create the Database and Set Up the First Administrator
Create Service Principals and Keytab Files for HDP (Non-Ambari)
Configuring HDP for Kerberos
Create Mappings Between Principals and UNIX Usernames
Adding Security Information to Configuration Files
core-site.xml
hdfs-site.xml
yarn-site.xml
mapred-site.xml
hbase-site.xml
hive-site.xml
oozie-site.xml
webhcat-site.xml
limits.conf
Configuring HTTP Cookie Persistence
Configuring HBase and ZooKeeper
Configure HBase Master
Create JAAS configuration files
Start HBase and ZooKeeper services
Configure Secure Client-Side Access for HBase
Optional: Configure Client-Side Operation for Secure Operation- Thrift Gateway
Optional: Configure Client-Side Operation for Secure Operation- REST Gateway
Configure HBase for Access Control Lists (ACL)
Configure Phoenix Query Server
Set up One-Way Trust with Active Directory
Configuring Proxy Users
Configure Non-Ambari Ranger SSL
Configuring Non-Ambari Ranger SSL Using Public CA Certificates
Configure Ranger Admin
Configure Ranger Usersync
Configure the Ranger HDFS Plugin for SSL
Configuring a Self-Signed Certificate (Non-Ambari Ranger SSL)
Configure Ranger Admin
Configure Ranger Usersync
Configure Ranger Plugins
Enable Audit Logging in Non-Ambari Clusters
Knox Reference
Configuring Gateway Security
Implementing Web Application Security
Configure a Protection Filter Against CSRF
Knox Admin UI Quicklink Requirements for Unsecured Clusters
Set up the Knox Token Service for Ranger APIs
Ambari CLI Wizard for Knox SSO Reference
Ranger Reference
Use Consolidated DB Schema Script to Reduce Ranger Install Time
Ranger Kafka Policy Authorization Model
Preparing Kerberos
This subsection provides information on setting up Kerberos for an HDP installation.
Non-Ambari Kerberos Overview
To create secure communication among its various components, HDP uses Kerberos. Kerberos is a third-party authentication mechanism, in which users and services that users wish to access rely on the Kerberos server to authenticate each to the other. This mechanism also supports encrypting all traffic between the user and the service.
Install and Configure the KDC (Non-Ambari)
To use Kerberos with HDP, either use an existing KDC or install a new one for HDP only. This section gives a very high level description of the installation process when setting up Kerberos for non-Ambari clusters.
Create the Database and Set Up the First Administrator
How to create a database and configure the admin when setting up Kerberos for non-Ambari clusters..
Create Service Principals and Keytab Files for HDP (Non-Ambari)
How to create service principals and keytab files when setting up Kerberos for non-Ambari clusters.
Parent topic:
Setting Up Kerberos Authentication for Non-Ambari Clusters
© 2012–2019, Hortonworks, Inc.
Document licensed under the
Creative Commons Attribution ShareAlike 4.0 License
.
Hortonworks.com
|
Documentation
|
Support
|
Community