Hadoop Security

Steps to follow to make sure Hadoop is secure

1. Install Kerberos in any server accessible to all cluster nodes.yum install krb5-serveryum install krb5-workstationyum install krb5-libs

2. Modify Configuration file in KDC server configuration to setup acl files, admin keytab files, for the host./var/kerberos/krb5kdc/kdc.conf

3. Modify Configuration file /etc/krb5.conf to setup kdc host and admin server

4. Creating database in KDC host

   $ kdb5_util create –r host_name -s

5. Add administrators to the ACL file

   1. vi /etc/kdamin.acl
   2. Add admin principal ‘admin/admin@host_name’ in that file

6. Add Admin principal $addprinc admin/admin@host_name

Install Kerberos clients on all Cluster Nodes

yum install krb5-workstation

Copy krb5.conf to all cluster nodes

Make sure to enable Secure mode in Hadoop by setting required configurationshttps://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html

Verify :

• Login as normal user to cluster gateway or node where user keytabs are deployed
• Run “kinit –k –t /location/of/keytab file username@host_name”
• And run HDFS commands or mapreduce jobs to verify cluster is secured

These are the basic steps to make sure kerberos is enabled in your cluster.

Hadoop security mostly used Kerberos for authentication, sentry for authorization.Ranger like gateways, knox is used for security aspects http://commandstech.com/latest-hadoop-admin-interview-questions/