Securing Cloudera Flow Management

Using Custom Certificate DN Support

If the structure of the DN in your node certificates prevents you from using the auto-generate feature for Node Identities, you can use the authorizers.xml safety valve to identify nodes by DN.

In the authorizers.xml safety valve, enter XML properties for the Node and User identities so that nodes are identified by DN. Number both the Node Identities and the User Identities starting at 2. The following example shows the configuration properties for two nodes that use the default File User Group Provider and the default File Access Policy Provider:

Name: xml.authorizers.userGroupProvider.file-user-group-provider.property.Initial User Identity 2
Value: CN=myserver-1.localhost, OU=MYORG

Name: xml.authorizers.accessPolicyProvider.file-access-policy-provider.property.Node Identity 2
Value: CN=myserver-1.localhost, OU=MYORG

Name: xml.authorizers.userGroupProvider.file-user-group-provider.property.Initial User Identity 3
Value: CN=myserver-2.localhost, OU=MYORG

Name: xml.authorizers.accessPolicyProvider.file-access-policy-provider.property.Node Identity 3
Value: CN=myserver-2.localhost, OU=MYORG
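
For clusters with more than a few nodes, the entries can be generated and checked before they are pasted into the safety valve. The following Python sketch is an added example, not Cloudera code: the function names are hypothetical, the property-name prefixes are copied from the example above, and the rule that every Node Identity DN must also appear, character for character, as an Initial User Identity is an assumption drawn from that example.

```python
# Property-name prefixes copied from the example above (trailing space included).
USER = ("xml.authorizers.userGroupProvider.file-user-group-provider"
        ".property.Initial User Identity ")
NODE = ("xml.authorizers.accessPolicyProvider.file-access-policy-provider"
        ".property.Node Identity ")


def build_entries(node_dns, start=2):
    """Return (name, value) pairs for each node DN, numbered from `start`."""
    if len(set(node_dns)) != len(node_dns):
        raise ValueError("duplicate DN in node list")
    entries = []
    for index, dn in enumerate(node_dns, start=start):
        entries.append((USER + str(index), dn))
        entries.append((NODE + str(index), dn))
    return entries


def check_entries(entries):
    """Return a list of problems in (name, value) pairs; empty means consistent."""
    users, nodes, problems = {}, {}, []
    for name, value in entries:
        for prefix, table in ((USER, users), (NODE, nodes)):
            if not name.startswith(prefix):
                continue
            suffix = name[len(prefix):]
            if not suffix.isdigit():
                problems.append(f"non-numeric index in {name!r}")
            elif int(suffix) < 2:
                problems.append(f"index below 2 in {name!r}")
            elif int(suffix) in table:
                problems.append(f"duplicate index in {name!r}")
            else:
                table[int(suffix)] = value
            if value != value.strip():
                problems.append(f"leading/trailing whitespace in value of {name!r}")
    # Assumption: DNs are compared as exact strings, so "CN=a,OU=X" and
    # "CN=a, OU=X" count as different identities here.
    for index, dn in sorted(nodes.items()):
        if dn not in users.values():
            problems.append(f"Node Identity {index} ({dn}) has no matching "
                            "Initial User Identity")
    return problems


if __name__ == "__main__":
    # Constructed sample input: the two DNs used in the example above.
    sample = ["CN=myserver-1.localhost, OU=MYORG", "CN=myserver-2.localhost, OU=MYORG"]
    for name, value in build_entries(sample):
        print(f"Name: {name}\nValue: {value}\n")
```

Running the script prints Name/Value pairs in the same layout as the example above; check_entries can also be run on hand-edited pairs to catch an index below 2 or a DN whose spacing differs between its user and node entries.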