This is the documentation for Cloudera 5.5.x. Documentation for other versions is available at Cloudera Documentation.

Search Authentication

This section describes how to configure Search in CDH 5 to enable authentication.

    When authentication is enabled, only specified hosts and users can connect to Search. Authentication also verifies that clients connect to legitimate servers. This feature prevents spoofing such as impersonation and man-in-the-middle attacks. Search supports Kerberos and LDAP authentication.

    Continue reading:

    Cloudera Search supports a variety of combinations of authentication protocols:
    Table 1. Authentication Protocol Combinations
    Solr Authentication Use Case
    No authentication Insecure cluster
    Kerberos only The Hadoop cluster has kerberos turned on and every user (or client) connecting to Solr has a Kerberos principal.
    Kerberos and LDAP The Hadoop cluster has kerberos turned on. External Solr users (or clients) don’t have Kerberos principal but do have an identity in the LDAP server.

    Once you are finished setting up authentication, configure Sentry authorization. Authorization involves specifying which resources can be accessed by particular users when they connect through Search. See Enabling Sentry Authorization for Search using the Command Line for details.

    Page generated November 23, 2015.