Appendix 6: Configuring Hadoop Security

CDH 5

http://www.cloudera.com/documentation/cdh/5-0-x/CDH5-Security-Guide/CDH5-Security-Guide.html

• Introduction to Hadoop Security
• Configuring Hadoop Security in CDH 5
• Configuring Sentry
• Flume Security Configuration
• Hue Security Configuration
• Oozie Security Configuration
• HttpFS Security Configuration
• HBase Security Configuration
• Impala Security Configuration
• Hive Security Configuration
• HCatalog Security Configuration
• ZooKeeper Security Configuration
• Search Security Configuration
• FUSE - Mountable HDFS Security Configuration
• Sqoop, Pig, and Whirr Security Support Status
• Configuring Encrypted Shuffle, Encrypted Web UIs, and Encrypted HDFS Transport
• Integrating Hadoop Security with Active Directory
• Integrating Hadoop Security with Alternate Authentication
• Appendix A – Troubleshooting
• Appendix B - Information about Other Hadoop Security Programs
• Appendix C - Configuring the Mapping from Kerberos Principals to Short Names
• Appendix D - Enabling Debugging Output for the Sun Kerberos Classes
• Appendix E - Task-controller and Container-executor Error Codes
• Appendix F - Using kadmin to Create Kerberos Keytab Files
• Appendix G - Setting Up a Gateway Node to Restrict Access
• Appendix H - Using a Web Browser to Access an URL Protected by Kerberos HTTP SPNEGO
• Appendix I - Configuring LDAP Group Mappings

CDH 4

http://www.cloudera.com/documentation/archive/cdh/4-x/4-7-1/CDH4-Security-Guide/cdh4sg_topic_3.html

1. Install CDH4.
2. Verify User Accounts and Groups in CDH4 Due to Security.
3. If you are Using AES-256 Encryption, install the JCE Policy File.
4. Create and Deploy the Kerberos Principals and Keytab Files.
5. Shut Down the Cluster.
6. Enable Hadoop security.
7. Configure secure HDFS.
8. Optional: Configuring Security for HDFS High Availability.
9. Optional: Configure secure WebHDFS.
10. Set Variables for Secure DataNodes.
11. Start up the NameNode.
12. Start up a DataNode.
13. Set the Sticky Bit on HDFS Directories.
14. Start up the Secondary NameNode (if used).
15. Configure Either MRv1 Security or YARN Security.