This is the documentation for Cloudera Enterprise 5.8.x. Documentation for other versions is available at Cloudera Documentation.

Enabling Kerberos Authentication for Hadoop Using the Command Line

  Important:

These instructions assume you know how to install and configure Kerberos, you already have a working Kerberos Key Distribution Center (KDC) and realm setup, and that you've installed the Kerberos user packages on all cluster machines and machines which will be used to access the cluster. Furthermore, Oozie and Hue require that the realm support renewable tickets. For more information about installing and configuring Kerberos, see:

Kerberos security in CDH 5 has been tested with the following version of MIT Kerberos 5:

  • krb5-1.6.1 on Red Hat Enterprise Linux 5 and CentOS 5

Kerberos security in CDH 5 is supported with the following versions of MIT Kerberos 5:

  • krb5-1.6.3 on SUSE Linux Enterprise Server (SLES) 11 Service Pack 1
  • krb5-1.8.1 on Ubuntu
  • krb5-1.8.2 on Red Hat Enterprise Linux 6 and CentOS 6
  • krb5-1.9 on Red Hat Enterprise Linux 6.1

If you want to enable Kerberos SPNEGO-based authentication for the Hadoop web interfaces, see the Hadoop Auth, Java HTTP SPNEGO Documentation.

Here are the general steps to configuring secure Hadoop, each of which is described in more detail in the following sections:

Page generated July 8, 2016.