Enabling Kerberos Authentication for CDP
How to use the Cloudera Manager Kerberos wizard to set up authentication.
Minimum Required Role: Cluster Administrator (also provided by Full Administrator)
Cloudera Manager provides a wizard for integrating your organization's Kerberos instance with your cluster to provide authentication services.
Kerberos must already be deployed in your organization and the Kerberos key distribution center (KDC) must be ready to use, with a realm established. If you are using Red Hat Identity Management/FreeIPA, all of your cluster hosts must already be joined to the IPA domain. For Hue and Oozie, the Kerberos realm must support renewable tickets.
Cloudera Manager clusters can be integrated with MIT Kerberos, Red Hat Identity Management (or the upstream FreeIPA), or Microsoft Active Directory.
For Active Directory, you must have administrative privileges to the Active Directory instance for initial setup and for on-going management, or you will need to have the help of your AD administrator prior to and during the integration process. For example, administrative access is needed to access the Active Directory KDC, create principals, and troubleshoot Kerberos TGT/TGS-ticket-renewal and take care of any other issues that may arise.
For Red Hat IdM, make sure that all cluster hosts are joined to the IPA
domain. You can join a host to the domain by installing the
freeipa-client package and then running the
|RHEL 7 Compatible, RHEL 6 Compatible||
Cloudera supports the Kerberos version that ships with each supported operating system listed
Operating System Requirements.