Configuring Authentication in Cloudera Manager
Overview
Kerberos Security Artifacts Overview
Kerberos Configuration Strategies for CDP
Configuring Authentication in Cloudera Manager
Cloudera Manager user accounts
Configuring external authentication and authorization for Cloudera Manager
Configuring PAM authentication with LDAP and SSSD
Configuring PAM authentication with Linux users
Configuring PAM authentication using Apache Knox
Configure authentication using Active Directory
Configure authentication using an LDAP-compliant identity service
Configure authentication using Kerberos (SPNEGO)
Configure authentication using an external program
Configure authentication using SAML
Enabling Kerberos Authentication for CDP
Step 1: Install Cloudera Manager and CDP
Step 2: Install JCE policy files for AES-256 encryption
Step 3: Create the Kerberos Principal for Cloudera Manager Server
Step 4: Enable Kerberos using the wizard
Step 5: Create the HDFS superuser
Step 6: Get or create a Kerberos principal for each user account
Step 7: Prepare the cluster for each user
Step 8: Verify that Kerberos security is working
Step 9: (Optional) Enable authentication for HTTP web consoles for Hadoop roles
Kerberos authentication for non-default users
Customizing Kerberos Principals and System Users
Enabling feature flag for Custom Kerberos Principals and System Users
Customizing Kerberos Principals and System Users (Recommended)
Customizing only Kerberos Principals
Configuring custom Kerberos principal for Atlas
Configuring custom Kerberos principal for Cruise Control
Configuring custom Kerberos principal for Apache Flink
Configuring custom Kerberos principal for HBase
Configuring custom Kerberos principal for HDFS
Configuring custom Kerberos principal for Hive and Hive-on-Tez
Configuring custom Kerberos principal for HttpFS
Configuring custom Kerberos principal for Hue
Configuring Kerberos Authentication for Impala
Configuring custom Kerberos principal for Kafka
Configuring custom Kerberos principal for Knox
Configuring custom Kerberos principal for Kudu
Configuring custom Kerberos principal for Livy
Configuring custom Kerberos principal for NiFi and NiFi Registry
Configuring custom Kerberos principal for Omid
Configuring custom Kerberos principal for Oozie
Configuring custom Kerberos principal for Ozone
Configuring custom Kerberos principal for Phoenix
Configuring custom Kerberos principal for Ranger
Configuring Custom Kerberos Principal for Ranger KMS
Configuring custom Kerberos principal for Schema Registry
Configuring custom Kerberos principals for Solr
Configuring custom Kerberos principal for Spark
Configuring custom Kerberos principal for Streams Messaging Manager
Configuring custom Kerberos principal for SQL Stream Builder
Configuring custom Kerberos principal for Streams Replication Manager
Enabling custom Kerberos principal support in YARN
Enabling custom Kerberos principal support in a Queue Manager cluster
Configuring custom Kerberos principal for Zeppelin
Configuring custom Kerberos principal for ZooKeeper
Managing Kerberos credentials using Cloudera Manager
Using a custom Kerberos keytab retrieval script
Adding trusted realms to the cluster
Using auth-to-local rules to isolate cluster users
Configuring a dedicated MIT KDC for cross-realm trust
Integrating MIT Kerberos and Active Directory
Hadoop Users (user:group) and Kerberos Principals
Mapping Kerberos Principals to Short Names
Using a custom Kerberos configuration path