https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147239#M109782 <P>We all know that Hadoop needs Kerberos to be fully secure. LDAP is an authentication solution used with several Hadoop tools (Ambari, Nifi, Ambari, etc). Why we need Kerberos in addition of LDAP ?</P> Fri, 16 Sep 2022 10:38:53 GMT tim_david1954 2022-09-16T10:38:53Z https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147239#M109782 <P>We all know that Hadoop needs Kerberos to be fully secure. LDAP is an authentication solution used with several Hadoop tools (Ambari, Nifi, Ambari, etc). Why we need Kerberos in addition of LDAP ?</P> Fri, 16 Sep 2022 10:38:53 GMT https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147239#M109782 tim_david1954 2022-09-16T10:38:53Z https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147240#M109783 <P>Here is your answer: You can easily spoof your Hadoop cluster with a change of a simple environment variable.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="7536-1-spoof-security.gif" style="width: 581px;"><img src="https://community.cloudera.com/t5/image/serverpage/image-id/21380iE9485877B8938292/image-size/medium?v=v2&amp;px=400" role="button" title="7536-1-spoof-security.gif" alt="7536-1-spoof-security.gif" /></span></P><P>See also </P><P><A href="https://community.hortonworks.com/questions/2982/kerberos-adldap-and-ranger.html" target="_blank" rel="nofollow noopener noreferrer">https://community.hortonworks.com/questions/2982/kerberos-adldap-and-ranger.html</A></P> Sun, 18 Aug 2019 13:19:45 GMT https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147240#M109783 amcbarnett 2019-08-18T13:19:45Z https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147241#M109784 <P><A rel="user" href="https://community.cloudera.com/users/369/amcbarnett.html" nodeid="369">@Ancil McBarnett </A></P><P>Thanks, I am already aware of this. My question is more on why we can not use LDAP ? is it because Hadoop doesn't support it and we can some day implement and LDAP integration ? or because LDAP is lacking a feature, hence can not and will never replace Kerberos ? <A rel="user" href="https://community.cloudera.com/users/369/amcbarnett.html" nodeid="369"></A> </P> Mon, 12 Sep 2016 22:14:41 GMT https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147241#M109784 tim_david1954 2016-09-12T22:14:41Z https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147242#M109785 <P>You can use LDAP in ADDITION to Kerberos. LDAP is the authentication authority. Kerberos is the ticketing system. LDAP is like the DMV giving you your driver's licence. Kerberos is your boarding pass to get on the plane. Kerberos can be enabled with AD, FreeIPA as your LDAP in HAdoop. Ambari, Nifi, Ranger will authenticate with those LDAPs. The only exception is Hive where when Kerberos is enabled it replaces LDAP authentication.</P> Mon, 12 Sep 2016 22:36:11 GMT https://community.cloudera.com/t5/Support-Questions/Why-can-t-we-use-LDAP-for-Hadoop-authentication/m-p/147242#M109785 amcbarnett 2016-09-12T22:36:11Z