AnsweredAssumed Answered

How to configure Kerberos authentication

Question asked by bencetamas on Aug 8, 2015
Latest reply on Sep 15, 2015 by mpierre
Hello,

I'm trying to configure Kerberos authentication in a mapr cluster. But I have a some questions.

First of all, the Kerberos tickets are only for getting a mapr ticket, and after that the mapr ticket will be used everywhere?
The Kerberos keytab file can be configured in mapr.login.conf file. But what if I want to use different keytab files (one for Hive access, one for maprfs, etc.). I must put everything into one keytab file?

The documentation says (
[http://doc.mapr.com/display/MapR/Configuring+Kerberos+User+Authentication][1] ), that only one principal needed. There is no authentication beetwen the different services? For security reasons it would be better to create different principals for every service, and the services must authenticate to communicate with other services. In other Hadoop distributions there are the "yarn.resourcemanager.principal", "yarn.nodemanager.principal", etc. config properties to configure different principals for different services. But the mapr documentation doesn't mention these properties, and when I used them, it seemed to me, that they doesn't work. How can I configure different principals for different services?

And how can I configure authorization properly? For example how can I restrict users accessing Hive or submitting a MapReduce job? I just cannot find it in the documentation.

Thank you for the answers!
Bence Tamas


  [1]: http://doc.mapr.com/display/MapR/Configuring+Kerberos+User+Authentication

Outcomes