
Key Trustee KMS Proxy ACLs confusion

In the Cloudera Security Guide, step 6 on page 303 for adding a Key Trustee KMS Service says "To generate the recommended ACLS, enter the username and group responsible for managing cryptographic keys and click Generate ACLs."

Are the username and group mentioned in this step arbitrary or is it referencing a username and group that should have been created as part of some previous configuration?


Re: Key Trustee KMS Proxy ACLs confusion

The username and/or group should be a user present in Linux and Kerberos that you have designated as the user responsible for managing keys on your cluster, and you can use an existing user/group or create a new one as makes sense in your environment. Typically this would be a group of administrators who you would entrust to configure security for you, so that only one user or a handful of users can grant access.
