Configuring Hadoop Security with Cloudera Manager Enterprise Edition

This section describes how to use Cloudera Manager to automate many of the manual tasks of implementing Kerberos security on your CDH cluster.


These instructions assume you know how to install and configure Kerberos, you already have a working Kerberos Key Distribution Center (KDC) and realm setup, and that you've installed the Kerberos user packages on all cluster machines and machines which will be used to access the cluster. Furthermore, Oozie and Hue require that the realm support renewable tickets. For more information about installing and configuring Kerberos, see:


Kerberos security in Cloudera Manager has been tested on the following version of MIT Kerberos 5:

  • krb5-1.6.1 on Red Hat Enterprise Linux 5 and CentOS 5

Kerberos security in Cloudera Manager is supported on the following versions of MIT Kerberos 5:

  • krb5-1.6.3 on SUSE Linux Enterprise Server 11 Service Pack 1
  • krb5-1.8.1 on Ubuntu
  • krb5-1.8.2 on Red Hat Enterprise Linux 6 and CentOS 6
  • krb5-1.9 on Red Hat Enterprise Linux 6.1

If you want to enable Kerberos SPNEGO-based authentication for HTTP, Cloudera recommends that you use Alfredo. For instructions, see the Alfredo Documentation..