This is the documentation for CDH 4.7.1.
Documentation for other versions is available at Cloudera Documentation.

Oozie Security Configuration

This section describes how to configure Oozie CDH4 with Kerberos security on a Hadoop cluster:
  Important:

To enable Oozie to work with Kerberos security on your Hadoop cluster, make sure you perform the installation and configuration steps in Configuring Hadoop Security in CDH4. Also note that when Kerberos security is enabled in Oozie, a web browser that supports Kerberos HTTP SPNEGO is required to access the Oozie web-console (for example, Firefox, Internet Explorer or Chrome). See Appendix H - Using a Web Browser to Access an URL Protected by Kerberos HTTP SPNEGO for more details.

  Important:

If the NameNode, Secondary NameNode, DataNode, JobTracker, TaskTrackers, ResourceManager, NodeManagers, HttpFS, or Oozie services are configured to use Kerberos HTTP SPNEGO authentication, and two or more of these services are running on the same host, then all of the running services must use the same HTTP principal and keytab file used for their HTTP endpoints.