This is the documentation for Cloudera Manager 5.1.x. Documentation for other versions is available at Cloudera Documentation.
Appendix A - Manually Configuring Kerberos Using Cloudera Manager
Note that certain steps in the following procedure to configure Kerberos security may not be completed without Administrator role privileges.
Important- Prerequisites - These instructions
assume you know how to install and configure Kerberos, you already have a working Kerberos
key distribution center (KDC) and realm setup, and that you've installed the Kerberos
client packages on all cluster hosts and hosts that will be used to access the cluster.
Furthermore, Oozie and Hue require that the realm support renewable tickets. Cloudera
Manager supports setting up kerberized clusters with MIT KDC and Active Directory.
For more information about using Active Directory, see the Microsoft AD documentation.
For more information about installing and configuring MIT KDC, see: - Support
- Kerberos security in Cloudera Manager has been tested on the
following version of MIT Kerberos 5:
- krb5-1.6.1 on Red Hat Enterprise Linux 5 and CentOS 5
- Kerberos security in Cloudera Manager is supported on the
following versions of MIT Kerberos 5:
- krb5-1.6.3 on SUSE Linux Enterprise Server 11 Service Pack 1
- krb5-1.8.1 on Ubuntu
- krb5-1.8.2 on Red Hat Enterprise Linux 6 and CentOS 6
- krb5-1.9 on Red Hat Enterprise Linux 6.1
- Kerberos security in Cloudera Manager has been tested on the
following version of MIT Kerberos 5:
Here are the general steps to using Cloudera Manager to configure Hadoop security on your cluster, each of which is described in more detail in the following sections:
- Step 1: Install Cloudera Manager and CDH
- Step 2: If You are Using AES-256 Encryption, Install the JCE Policy File
- Step 3: Get or Create a Kerberos Principal for the Cloudera Manager Server
- Step 4: Import KDC Account Manager Credentials
- Step 5: Configure the Kerberos Default Realm in the Cloudera Manager Admin Console
- Step 6: Stop All Services
- Step 7: Enable Hadoop Security
- Step 8: Wait for the Generate Credentials Command to Finish
- Step 9: Enable Hue to Work with Hadoop Security using Cloudera Manager
- Step 10: (Flume Only) Use Substitution Variables for the Kerberos Principal and Keytab
- Step 11: (CDH 4.0 and 4.1 only) Configure Hue to Use a Local Hive Metastore
- Step 12: Start All Services
- Step 13: Deploy Client Configurations
- Step 14: Create the HDFS Superuser Principal
- Step 15: Get or Create a Kerberos Principal for Each User Account
- Step 16: Prepare the Cluster for Each User
- Step 17: Verify that Kerberos Security is Working
- Step 18: (Optional) Enable Authentication for HTTP Web Consoles for Hadoop Roles
| << Known Kerberos Issues in Cloudera Manager | Step 1: Install Cloudera Manager and CDH >> | |