This is the documentation for Cloudera Enterprise 5.8.x. Documentation for other versions is available at Cloudera Documentation.
Flume Authentication
Flume agents have the ability to store data on an HDFS filesystem configured with Hadoop security. The Kerberos system and protocols authenticate communications between clients and services. Hadoop clients include users and MapReduce jobs on behalf of users, and the services include HDFS and MapReduce. Flume acts as a Kerberos principal (user) and needs Kerberos credentials to interact with the Kerberos security-enabled service. Authenticating a user or a service can be done using a Kerberos keytab file. This file contains a key that is used to obtain a ticket-granting ticket (TGT). The TGT is used to mutually authenticate the client and the service using the Kerberos KDC.
The following sections describe how to use Flume 1.3.x and CDH 5 with Kerberos security on your Hadoop cluster:
- Configuring Flume's Security Properties
- Configuring Kerberos for Flume Thrift Source and Sink Using Cloudera Manager
- Configuring Kerberos for Flume Thrift Source and Sink Using the Command Line
- Flume Account Requirements
- Testing the Flume HDFS Sink Configuration
- Writing to a Secure HBase cluster
Important:
To enable Flume to work with Kerberos security on your Hadoop cluster, make sure you perform the installation and configuration steps in Configuring Hadoop Security in CDH 5.
Note:
These instructions have been tested with CDH 5 and MIT Kerberos 5 only. The following instructions describe an example of how to configure a Flume agent to be a client as the user flume to a secure HDFS service. This section does not describe how to secure the communications between Flume agents, which is not currently implemented.
| << Enabling Debugging Output for the Sun Kerberos Classes | ©2016 Cloudera, Inc. All rights reserved | Configuring Flume's Security Properties >> |
| Terms and Conditions Privacy Policy |