Integrating Hadoop Security with Alternate Authentication
One of the ramifications of enabling security on a Hadoop cluster is that every user who interacts with the cluster must have a Kerberos principal configured. For some of the services, specifically Oozie and Hadoop (for example, JobTracker and TaskTracker), it can be convenient to run a mixed form of authentication where Kerberos authentication is used for API or command line access while some other form of authentication (for example, SSO and LDAP) is used for accessing Web UIs. Using an alternate authentication deployment is considered an advanced topic because only a partial implementation is provided in this release: you will have to implement some of the code yourself.
The following instructions assume you have already performed the installation and configuration steps in Configuring Hadoop Security in CDH4.
See also the Example Implementation for Oozie.
|<< Previous: Configuring a Local MIT Kerberos Realm to Trust Active Directory||Next: Step 1: Configure the AuthenticationFilter to use Kerberos >>|