Kudu authentication with Kerberos

Kudu can be configured to enforce secure authentication among servers, and between clients and servers. Authentication prevents untrusted actors from gaining access to Kudu, and securely identifies connecting users or services for authorization checks. Authentication in Kudu is designed to interoperate with other secure Hadoop components by utilizing Kerberos.

Configure authentication on Kudu servers using the --rpc_authentication flag, which can be set to one of the following options:
  • required - Kudu will reject connections from clients and servers who lack authentication credentials.
  • optional - Kudu will attempt to use strong authentication, but will allow unauthenticated connections.
  • disabled - Kudu will only allow unauthenticated connections.
By default, the flag is set to optional. To secure your cluster, set --rpc_authentication to required.