Enabling Kerberos authentication and RPC encryption
You must already have a secure Cloudera Manager cluster with Kerberos authentication enabled.
- In Cloudera Manager, navigate to Kudu > Configuration.
- In the Search field, type Kerberos to show the relevant properties.
-
Find and edit the following properties according to your cluster
configuration:
Field Usage Notes Kerberos Principal Set to the default principal, kudu
. Currently, Kudu does not support configuring a custom service principal for Kudu processes.Enable Secure Authentication And Encryption Select this checkbox to enable authentication and RPC encryption between all Kudu clients and servers, as well as between individual servers. Only enable this property after you have configured Kerberos. If this is not selected, security is not enforced but secured clients are not rejected either and the connection will be encrypted if both sides support it.
-
Click Save Changes.
An error message displayed that tells you the Kudu keytab is missing.
- Navigate to Administration > Security.
-
Select the Kerberos Credentials tab.
On this page you will see a list of the existing Kerberos principals for services running on the cluster.
-
Click Generate Missing
Credentials
Once the Generate Missing Credentials command has finished running, you will see the Kudu principal added to the list.