Configuring Authentication in Cloudera Manager
Overview
Kerberos Security Artifacts Overview
Kerberos Configuration Strategies for CDP
Configuring Authentication in Cloudera Manager
Cloudera Manager user accounts
Configuring external authentication and authorization for Cloudera Manager
Configuring PAM authentication with LDAP and SSSD
Configuring PAM authentication with Linux users
Configuring PAM authentication using Apache Knox
Configure authentication using Active Directory
Configure authentication using an LDAP-compliant identity service
Configure authentication using Kerberos (SPNEGO)
Configure authentication using an external program
Configure authentication using SAML
Enabling Kerberos Authentication for CDP
Step 1: Install Cloudera Manager and CDP
Step 2: Install JCE policy files for AES-256 encryption
Step 3: Create the Kerberos Principal for Cloudera Manager Server
Step 4: Enable Kerberos using the wizard
Step 5: Create the HDFS superuser
Step 6: Get or create a Kerberos principal for each user account
Step 7: Prepare the cluster for each user
Step 8: Verify that Kerberos security is working
Step 9: (Optional) Enable authentication for HTTP web consoles for Hadoop roles
Kerberos authentication for non-default users
Customizing Kerberos principals
Managing Kerberos credentials using Cloudera Manager
Using a custom Kerberos keytab retrieval script
Adding trusted realms to the cluster
Using auth-to-local rules to isolate cluster users
Configuring a dedicated MIT KDC for cross-realm trust
Integrating MIT Kerberos and Active Directory
Hadoop Users (user:group) and Kerberos Principals
Mapping Kerberos Principals to Short Names