Custom Kerberos principal hostnames for Cloudera Data Warehouse environments
Cloudera Data Warehouse on premises allows administrators to specify a custom hostname for the Kerberos service principal during environment activation. This feature addresses scenarios where default internal hostnames are inaccessible or non-existent outside the Kubernetes cluster. By enabling this option, Cloudera Data Warehouse can consolidate its Kerberos identity requirements into a single, user-defined principal that aligns with specific enterprise security and DNS standards.
Enhanced Kerberos configuration
- Identity consolidation: The system moves from requiring multiple default principals (one for the Environment and another for the Database Catalog) to a single, stable identity.
- Custom DNS Alignment: Administrators have the option to configure a hostname that is recognized by their external enterprise network.
By enabling this optional feature and providing a custom hostname, Cloudera Data Warehouse on premises can consolidate its Kerberos identity requirements.
This results in a change from two default principals to a single, customer-defined principal.
| Configuration option | Kerberos principal requirements | Example of principal name |
|---|---|---|
| Uses custom hostname provided | One principal is required:
|
hive/custom.hostname@REALM |
