Hortonworks Data Platform

Hadoop Security Guide

2014-10-28


Contents

1. Hadoop Security Features
2. Set up Authentication for Hadoop Cluster Components
1. Setting Up Security for Manual Installs
1.1. Preparing Kerberos
1.2. Installing and Configuring the KDC
1.3. Creating the Database and Setting Up the First Administrator
1.4. Creating Service Principals and Keytab Files for HDP
2. Configuring HDP
2.1. Configuration Overview
2.2. Creating Mappings Between Principals and UNIX Usernames
2.3. Adding Security Information to Configuration Files
3. Configure Secure HBase and ZooKeeper
3.1. Configure HBase Master
3.2. Create JAAS configuration files
3.3. Start HBase and ZooKeeper services
3.4. Configure secure client side access for HBase
3.5. Optional: Configure client-side operation for secure operation - Thrift Gateway
3.6. Optional: Configure client-side operation for secure operation - REST Gateway
3.7. Configure HBase for Access Control Lists (ACL)
4. Setting up One-Way Trust with Active Directory
4.1. Configure Kerberos Hadoop Realm on the AD DC
4.2. Configure the AD Domain on the KDC and Hadoop Cluster Hosts
5. Allowing Impersonation
3. Data Protection
1. Enable RPC Encryption for the Hadoop Cluster
2. Enable Data Transfer Protocol
3. Enable SSL on HDP Components
3.1. Understanding Hadoop SSL Keystore Factory
3.2. Manage SSL Certificates
3.3. Enable SSL for WebHDFS, MapReduce Shuffle, and YARN
3.4. Enable SSL on Oozie
3.5. Enable SSL on WebHBase and the HBase REST API
3.6. Enable SSL on HiveServer2
4. Connect to SSL Enabled Components
4.1. Connect to SSL Enabled HiveServer2 using JDBC
4.2. Connect to SSL Enabled Oozie Server

loading table of contents...