Functional accounts
Cloudera Manager and CDP Private Cloud Base use dedicated functional accounts for the associated daemon processes. By default, these accounts are created as local accounts on every machine in the cluster that needs them if they do not already exist (locally or from a directory service, such as LDAP).
Kerberos deployment models (including identity integration with Active Directory) are covered in detail within the Authentication documentation. Refer to the CDP Security Reference Architecture for more details about Kerberos and related security best practices.