https://community.cloudera.com/t5/Archives-of-Support-Questions/Impala-client-configuration-documentation-out-of-sync-with/m-p/54424#M60524 <P><A href="https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html" target="_blank">https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html</A> shows a bunch of "TLS/SSL ... Client" properties that no longer appear in CM for CDH 5.9.0. Is there an update to the documentation available that covers this?</P><P>&nbsp;</P><P>I have Impala running behind a proxy and I am also wondering about how this fits in.</P><P>&nbsp;</P><P>While I am here, HiveServer2 documentation indicates Kerberos and LDAP client authentication can co-exist but CM doesn't allow for this.</P><P>&nbsp;</P><P>Clearly the documentation around client authentication could be better. Any pointers to updates would be appreciated.</P><P>&nbsp;</P><P>Thanks, S.</P><P>&nbsp;</P> Fri, 16 Sep 2022 11:33:52 GMT ScottE 2022-09-16T11:33:52Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Impala-client-configuration-documentation-out-of-sync-with/m-p/54424#M60524 <P><A href="https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html" target="_blank">https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html</A> shows a bunch of "TLS/SSL ... Client" properties that no longer appear in CM for CDH 5.9.0. Is there an update to the documentation available that covers this?</P><P>&nbsp;</P><P>I have Impala running behind a proxy and I am also wondering about how this fits in.</P><P>&nbsp;</P><P>While I am here, HiveServer2 documentation indicates Kerberos and LDAP client authentication can co-exist but CM doesn't allow for this.</P><P>&nbsp;</P><P>Clearly the documentation around client authentication could be better. Any pointers to updates would be appreciated.</P><P>&nbsp;</P><P>Thanks, S.</P><P>&nbsp;</P> Fri, 16 Sep 2022 11:33:52 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Impala-client-configuration-documentation-out-of-sync-with/m-p/54424#M60524 ScottE 2022-09-16T11:33:52Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Impala-client-configuration-documentation-out-of-sync-with/m-p/55115#M60525 <BLOCKQUOTE><HR /><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/12678">@ScottE</a> wrote:<BR /><P><A href="https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html" target="_blank">https://www.cloudera.com/documentation/enterprise/5-9-x/topics/impala_ssl.html</A> shows a bunch of "TLS/SSL ... Client" properties that no longer appear in CM for CDH 5.9.0. Is there an update to the documentation available that covers this?</P><P>&nbsp;</P><P>I have Impala running behind a proxy and I am also wondering about how this fits in.</P><P>&nbsp;</P><P>While I am here, HiveServer2 documentation indicates Kerberos and LDAP client authentication can co-exist but CM doesn't allow for this.</P><HR /></BLOCKQUOTE><P>For the above three items:</P><P>The "TLS/SSL ... Client" properties are now just prefixed simply "<SPAN>Impala TLS/SSL Server</SPAN>" - this should be a documentation change.</P><P>&nbsp;</P><P>If Impala is behind a proxy you need to configure HAProxy with a TLS certificate and have it connect to the Impala Server instances also using TLS. The HAProxy documentation will help, but some additional documentaiton from Cloudera would be nice.</P><P>&nbsp;</P><P>HiveServer2 does not support simultaineous kerberos and LDAP authentication (the way Impala does). To achieve this for Hive you need to run a second HiveServer2 instance, configuring one with kerbeos authentication and the other with LDAP.</P> Fri, 26 May 2017 13:26:11 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Impala-client-configuration-documentation-out-of-sync-with/m-p/55115#M60525 ScottE 2017-05-26T13:26:11Z