Configure a secure Kudu cluster using Cloudera Manager
You can configure a secure Kudu cluster using Cloudera Manager. For that you need
enabled Kerberos authentication and RPC encryption, configure coarse-grained authorization,
and configure HTTPS encryption. Optionally you can configure fina-grained authoriztation using
Enable Kerberos authentication and RPC encryption You must aleady have a secure Cloudera Manager cluster with Kerberos authentication enabled. Configure coarse-grained authorization with ACLs The coarse-grained authorization can be configured with the following two ACLs: the Superuser Access Control List and the User Access Control List. The Superuser ACL is the list of all the superusers that can access the cluster. User-level access can be controlled by using the User ACL. By default, all the users can access the clusters. But when you enable authentication using Kerberos, only the users who are able to authenticate successfully can access the cluster. Enable Ranger authorization You can configure fine-grained authorization using Apache Ranger. This topic provides the steps to enable Kudu's integration with Ranger from Cloudera Manager. Configure HTTPS encryption Lastly, you enable TLS/SSL encryption (over HTTPS) for browser-based connections to both the Kudu master and tablet server web UIs.