https://community.cloudera.com/t5/Archives-of-Support-Questions/Interfacing-existing-PKI-with-HDP-and-Ambari-for/m-p/176799#M58310 <P>Hello <A rel="user" href="https://community.cloudera.com/users/16807/clementfaraon.html" nodeid="16807">@faraon clément</A>,</P><P>You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.</P><P>Kerberos is the de-fecto standard accepted &amp; supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.</P><P>Hope this helps !</P> Fri, 31 Mar 2017 03:39:02 GMT VR46 2017-03-31T03:39:02Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Interfacing-existing-PKI-with-HDP-and-Ambari-for/m-p/176797#M58308 <P>Good afternoon ! I 've juste read the HDFS Administration guide and Ranger KMS guide but I am faced with some questions: - Can I use my existing PKI in order to allow data encryption AND user authentification in HDP ? I know that I can use Kerberos or openLDAP, but those ways are still not very well understood for me If someone could help me to better understand, Please !?</P><P>Thank you very Much</P><P>Clem</P> Tue, 28 Mar 2017 19:49:30 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Interfacing-existing-PKI-with-HDP-and-Ambari-for/m-p/176797#M58308 clement_faraon 2017-03-28T19:49:30Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Interfacing-existing-PKI-with-HDP-and-Ambari-for/m-p/176798#M58309 <P>Hello <A rel="user" href="https://community.cloudera.com/users/16807/clementfaraon.html" nodeid="16807">@faraon clément</A>,</P><P>You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.</P><P>Kerberos is the de-fecto standard accepted &amp; supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.</P><P>Hope this helps !</P> Fri, 31 Mar 2017 03:39:01 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Interfacing-existing-PKI-with-HDP-and-Ambari-for/m-p/176798#M58309 VR46 2017-03-31T03:39:01Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Interfacing-existing-PKI-with-HDP-and-Ambari-for/m-p/176799#M58310 <P>Hello <A rel="user" href="https://community.cloudera.com/users/16807/clementfaraon.html" nodeid="16807">@faraon clément</A>,</P><P>You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.</P><P>Kerberos is the de-fecto standard accepted &amp; supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.</P><P>Hope this helps !</P> Fri, 31 Mar 2017 03:39:02 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Interfacing-existing-PKI-with-HDP-and-Ambari-for/m-p/176799#M58310 VR46 2017-03-31T03:39:02Z