This is the documentation for Cloudera Manager 5.0.x. Documentation for other versions is available at Cloudera Documentation.

Kerberos

After enabling and configuring Hadoop security using Kerberos on your cluster, you can view and regenerate the Kerberos principals for your cluster. If you make a global configuration change in your cluster, such as changing the encryption type, you would use the Kerberos page to regenerate the principals for your cluster. In a secure cluster, the Kerberos page lists all the Kerberos principals that are active on your cluster.

Regenerating Kerberos Principals

If you make a global configuration change in your cluster, such as changing the encryption type, you must use the following instructions to regenerate the principals for your cluster.
  Important:

To view and regenerate the Kerberos principals for your cluster:

  1. Select Administration > Kerberos.
  2. The currently configured Kerberos principals are displayed. If you are running HDFS, the hdfs/hostname and host/hostname principals are listed. If you are running MapReduce, the mapred/hostname and host/hostname principals are listed. The principals for other running services are also listed.
  3. Only if necessary, select the principals you want to regenerate.
  4. Click Regenerate.

The Security Inspector

The Security Inspector uses the Host Inspector to run a security-related set of commands on the hosts in your cluster. It reports on things such as how Java is configured for encryption and on the default realms configured on each host:
  1. Select Administration > Kerberos.
  2. Click Security Inspector. Cloudera Manager begins several tasks to inspect the managed hosts.
  3. After the inspection completes, click Download Result Data or Show Inspector Results to review the results.
Page generated September 3, 2015.