Cloudera Docs

Enable Ranger Admin login using kerberos authentication

You can enable the Ranger Admin web UI to use kerberos authentication for browser-based login.

The Ranger Admin web UI does not allow kerberos authentication by default. To allow users of specific web browsers to login to the Ranger Admin web UI, you must add configuration properties to the ranger-admin-site.xml file.

  1. In Cloudera Manager Home, select Ranger, then choose Configuration.
  2. On Configuration, in Search, type ranger-admin.
  3. In conf/ranger-admin-site.xml_role_safety_valve, click + (Add).
  4. Add a key-value pair that configures the maximum number of days to retain Ranger Admin access log files.
    Name

    ranger.allow.kerberos.auth.login.browser

    Value

    true

  5. Optionally, you can a another key-value pair that defines specific web browsers that allow kerberos authenticated login.
    Name

    ranger.krb.browser-useragents-regex

    Value

    Mozilla,Opera,Chrome

  6. Click Save Changes.

    After saving changes, the Stale Configuration icon appears on the Cloudera Manager UI. Optionally, click Stale Configuration to view details.

  7. Select Actions > Restart.
Users should now be able to login to Ranger Admin UI using kerberos authentication.