Enabling Kerberos authentication and RPC encryption

You must aleady have a secure Cloudera Manager cluster with Kerberos authentication enabled.

  1. Go to the Kudu service.
  2. Click the Configuration tab.
  3. Select Category > Main.
  4. In the Search field, type Kerberos to show the relevant properties.
  5. Edit the following properties according to your cluster configuration:
    Field Usage Notes
    Kerberos Principal Set to the default principal, kudu. Currently, Kudu does not support configuring a custom service principal for Kudu processes.
    Enable Secure Authentication And Encryption Select this checkbox to enable authentication and RPC encryption between all Kudu clients and servers, as well as between individual servers. Only enable this property after you have configured Kerberos.
  6. Click Save Changes.
  7. You will see an error message that tells you the Kudu keytab is missing. To generate the keytab, go to the top navigation bar and click Administration > Security.
  8. Go to the Kerberos Credentials tab. On this page you will see a list of the existing Kerberos principals for services running on the cluster.
  9. Click Generate Missing Credentials. Once the Generate Missing Credentials command has finished running, you will see the Kudu principal added to the list.