Procedure for Using Cloudera Manager to Configure Hadoop Security
Here are the general steps to using Cloudera Manager to configure Hadoop security on your Hadoop cluster, each of which is described in more detail in the following sections:
- Install CDH and Cloudera Manager.
- Set up a Local KDC and Default Domain for the Hadoop Cluster.
- If you are Using AES-256 Encryption, install the JCE Policy File.
- Get or Create a Kerberos Principal and Keytab File for the Cloudera Manager Server.
- Deploying the Cloudera Manager Server Keytab
- Configure the Kerberos Default Realm in the Cloudera Manager Admin Console.
- Stop all Services.
- Enable Hadoop security.
- Wait for the Generate Credentials command to finish.
- Enable Hue to Work with Hadoop Security using Cloudera Manager.
- (Flume Only) Use Substitution Variables for the Kerberos Principal and Keytab
- (CDH 4.0 and 4.1 only) Configure Hue to use local Hive metastore
- Start all Services.
- Create the hdfs Super User Principal.
- Get or Create a Kerberos Principal or Keytab for Each User Account.
- Prepare the Cluster for Each User.
- Verify that Kerberos Security is Working.
- (Optional) Enable Authentication for HTTP Web-Consoles for Hadoop Roles