Reply
New Contributor
Posts: 1
Registered: ‎11-17-2016

Need help on implementing 2 factor authentication on Hadoop

Hello,

We want to implement 2 factor authentication on Hadoop cluster.

Currently we have configured Kerberos for AD authentication with username and password.

Does anybody have experience on multi factor authentication on hadoop? How can we integrate second factor authentication like RSA SecurID with Kerberos, and how can we configure the components like Hue, hive, hdfs or any additional component which needs to be configured, in order to provide 2 factor authentication with username, password and RSA SecurID token?

I think we need to configure pkinit/pam for this but I couldn't find any technical documentation.

Thanks,

Samet Karadag

Cloudera Employee
Posts: 15
Registered: ‎12-11-2015

Re: Need help on implementing 2 factor authentication on Hadoop

Hi SametKaradag,

I'm not sure I understand how you want this to work. I've never tried, but I believe you're right that you'll need to do this on the Kerberos side. If you can separate the Hadoop SPN-s to allow them to log in using keytabs without MFA, it should work fine. The services should work properly if the user can authenticate themselves against Kerberos with their passwords and SecurIDs.
Highlighted
New Contributor
Posts: 1
Registered: ‎07-10-2018

Re: Need help on implementing 2 factor authentication on Hadoop

Hi, so have you managed to implement MFA with Cloudera manager? From what I have researched you would have to use some 3rd party apps like: SAASPASS or Centrify as Cloudera does not appear to be able to deal with MFA authentication. 

It can only do those:

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_external_auth.html#cmug_topic_...

Please kindly share your findings if you have managed to achieve this. I will keep researching.

Many thanks! P aul

Announcements