This CDH 5 Security Guide is for Apache Hadoop developers and system administrators who want to implement Kerberos security on a CDH 5 cluster. This guide is intended for those who are using CDH 5 because it includes specific instructions about using the Cloudera packages to configure your system.

This guide includes the following major topics:

• Introduction to Hadoop Security
• Hadoop Users in CDH 5
• Configuring Hadoop Security in CDH 5
• Sentry Policy File Configuration
• Sentry Service Configuration
• Flume Security Configuration
• Hue Security Configuration
• Oozie Security Configuration
• HttpFS Security Configuration
• HBase Security Configuration
• Impala Security Configuration
• Hive Security Configuration
• HCatalog Security Configuration
• Llama Security Configuration
• ZooKeeper Security Configuration
• Search Security Configuration
• FUSE - Mountable HDFS Security Configuration
• Sqoop, Pig, and Whirr Security Support Status
• Configuring Encrypted Shuffle, Encrypted Web UIs, and Encrypted HDFS Transport
• Integrating Hadoop Security with Active Directory
• Integrating Hadoop Security with Alternate Authentication
• Appendix A – Troubleshooting
• Appendix B - Information about Other Hadoop Security Programs
• Appendix C - Configuring the Mapping from Kerberos Principals to Short Names
• Appendix D - Enabling Debugging Output for the Sun Kerberos Classes
• Appendix E - Task-controller and Container-executor Error Codes
• Appendix F - Using kadmin to Create Kerberos Keytab Files
• Appendix G - Setting Up a Gateway Node to Restrict Access
• Appendix H - Using a Web Browser to Access an URL Protected by Kerberos HTTP SPNEGO
• Appendix I - Configuring LDAP Group Mappings
• Appendix J - Before Logging a Support Case
• Appendix K - Authenticating Kerberos Principals in Java Code