Hadoop Security
Steps to follow to make sure Hadoop is secure
Install Kerberos in any server accessible to all cluster nodes.yum install krb5-serveryum install krb5-workstationyum install krb5-libs
Modify Configuration file in KDC server configuration to setup acl files, admin keytab files, for the host./var/kerberos/krb5kdc/kdc.conf
Modify Configuration file /etc/krb5.conf to setup kdc host and admin server
Creating database in KDC host
$ kdb5_util create –r host_name -s
Add administrators to the ACL file
- vi /etc/kdamin.acl
- Add admin principal ‘admin/admin@host_name’ in that file
Add Admin principal $addprinc admin/admin@host_name
Install Kerberos clients on all Cluster Nodes
yum install krb5-workstation
Copy krb5.conf to all cluster nodes
Make sure to enable Secure mode in Hadoop by setting required configurationshttps://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html
Verify :
- Login as normal user to cluster gateway or node where user keytabs are deployed
- Run “kinit –k –t /location/of/keytab file username@host_name”
- And run HDFS commands or mapreduce jobs to verify cluster is secured
These are the basic steps to make sure kerberos is enabled in your cluster.
Hadoop security mostly used Kerberos for authentication, sentry for authorization.Ranger like gateways, knox is used for security aspects http://commandstech.com/latest-hadoop-admin-interview-questions/