Configuring Hadoop Authentication

Learn about how to configure Hadoop Authentication for a Service.

Cloudera Data Engineering UI
Cloudera Data Engineering API

In the Cloudera console, click the Data Engineering tile. The Cloudera Data Engineering Home page displays.
Click Administration in the left navigation menu. The Administration page displays.
In the Services column, select the environment for which you want to configure the Hadoop Authentication and click Service Details.
Click Hadoop Authentication.
note
In the Hadoop Authentication tab, the User field is automatically populated with the username of the logged-in user.
Enter the Principal value.
Under Authentication Type, choose one of the following options:
- Using Keytab file:
  1. Under Authentication Type, select Keytab file checkbox.
    important
    To generate a keytab named <username>.keytab manually for a user using ktutil, run the following commands:
    sudo ktutil ktutil: addent -password -p <username>@EXAMPLE.COM -k 1 -e aes256-cts Password for <username>@EXAMPLE.COM: ktutil: addent -password -p <username>@EXAMPLE.COM -k 2 -e aes128-cts Password for <username>@EXAMPLE.COM: ktutil: wkt <username>.keytab ktutil: q
    For example, if you want to generate a keytab named psherman.keytab, run the following commands:
    sudo ktutil ktutil: addent -password -p psherman@EXAMPLE.COM -k 1 -e aes256-cts Password for psherman@EXAMPLE.COM: ktutil: addent -password -p psherman@EXAMPLE.COM -k 2 -e aes128-cts Password for psherman@EXAMPLE.COM: ktutil: wkt psherman.keytab ktutil: q
  2. Click Select File and select the relevant keytab file. For more information about how to get the keytab file, see Kerberos Configuration Strategies for CDP.
- Using password:
  note
  This option is available only from Cloudera Data Engineering 1.5.5 SP1 onwards only.
  1. Under Authentication Type, select Password checkbox.
  2. In the Password text box, enter the kerberos password.
Click Authenticate.

Get the Keytab metadata. For more information about how to get the keytab file, see Kerberos Configuration Strategies for CDP.
```
curl -X GET -H "Authorization: Bearer ${CDE_TOKEN}" \
<service-url>/user-auth/api/v1/kerberos
```
To get CDE_TOKEN and service-url, see Getting a Cloudera Data Engineering API access token.
important
To get the CDE_TOKEN for Machine Users, see Using CDP Access keys tab in Getting a Cloudera Data Engineering API access token page.

Upload the Keytab file.

curl -H "Authorization: Bearer ${CDE_TOKEN}" <service-url>/user-auth/api/v1/kerberos \
-H "Content-Type: application/json" \
-X POST 
--form 'principal="<Principal>"' \
--form 'file=@"</path/to/keytab/file>"'