This is the documentation for CDH 5.1.x. Documentation for other versions is available at Cloudera Documentation.

Llama Security Configuration

This section describes how to configure Llama in CDH 5 with Kerberos security in a Hadoop cluster.
  Note: At this point Llama has been tested only in a Cloudera Manager deployment. For information on using Cloudera Manager to configure Llama and Impala, see Installing Impala with Cloudera Manager.

Configuring Llama to Support Kerberos Security

  1. Create a Llama service user principal using the syntax: llama/<>@<YOUR-REALM>. This principal is used to authenticate with the Hadoop cluster, where is the host where Llama is running and YOUR-REALM is the name of your Kerberos realm:
    $ kadmin
    kadmin: addprinc -randkey
  2. Create a keytab file with the Llama principal:
    $ kadmin
    kadmin: xst -k llama.keytab llama/
  3. Test that the credentials in the keytab file work. For example:
    $ klist -e -k -t llama.keytab
  4. Copy the llama.keytab file to the Llama configuration directory. The owner of the llama.keytab file should be the llama user and the file should have owner-only read permissions.
  5. Edit the Llama llama-site.xml configuration file in the Llama configuration directory by setting the following properties:


    Value true llama/conf.keytab llama/<> impala

You must restart Llama to make the configuration changes take effect.

Page generated September 3, 2015.