Cloudera Enterprise 5.15.x | Other versions

Enabling Kerberos Authentication for Hadoop Using the Command Line

Important:

These instructions assume you know how to install and configure Kerberos, you already have a working Kerberos Key Distribution Center (KDC) and realm setup, and that you've installed the Kerberos user packages on all cluster machines and machines which will be used to access the cluster. Furthermore, Oozie and Hue require that the realm support renewable tickets. For more information about installing and configuring Kerberos, see:

Kerberos security in CDH 5 has been tested with the following version of MIT Kerberos 5:

krb5-1.6.1 on Red Hat Enterprise Linux 5 and CentOS 5

Kerberos security in CDH 5 is supported with the following versions of MIT Kerberos 5:

krb5-1.6.3 on SUSE Linux Enterprise Server (SLES) 11 Service Pack 1
krb5-1.8.1 on Ubuntu
krb5-1.8.2 on Red Hat Enterprise Linux 6 and CentOS 6
krb5-1.9 on Red Hat Enterprise Linux 6.1

Note: The krb5-server package includes a logrotate policy file to rotate log files monthly. To take advantage of this, install the logrotate package. No additional configuration is necessary.

If you want to enable Kerberos SPNEGO-based authentication for the Hadoop web interfaces, see the Hadoop Auth, Java HTTP SPNEGO Documentation.

Here are the general steps to configuring secure Hadoop, each of which is described in more detail in the following sections:

Page generated May 18, 2018.