https://community.cloudera.com/t5/Archives-of-Support-Questions/restrict-WebHDFS-to-be-reachable-only-from-certain-hosts/m-p/188895#M70733 <P><STRONG>You achieve this by limiting access via firewall rules, other than that KNOX + Kerberos is the built in method.</STRONG></P><P><STRONG><BR /></STRONG></P><P><STRONG>Some resources:</STRONG></P><P><STRONG>Secure Authentication</STRONG>: The core Hadoop uses Kerberos and Hadoop delegation tokens for security. WebHDFS also uses Kerberos (SPNEGO) and Hadoop delegation tokens for authentication.</P><P><A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_knox.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_knox.html</A> </P><P><A href="https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html" target="_blank">https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html</A> </P> Sat, 04 Nov 2017 00:07:22 GMT jpetro416 2017-11-04T00:07:22Z https://community.cloudera.com/t5/Archives-of-Support-Questions/restrict-WebHDFS-to-be-reachable-only-from-certain-hosts/m-p/188893#M70731 <P>Is there a way to limit access to WebHDFS to only users coming from certain hosts? Something similar to hadoop.proxyuser</P> Fri, 03 Nov 2017 23:55:02 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/restrict-WebHDFS-to-be-reachable-only-from-certain-hosts/m-p/188893#M70731 theyaa 2017-11-03T23:55:02Z https://community.cloudera.com/t5/Archives-of-Support-Questions/restrict-WebHDFS-to-be-reachable-only-from-certain-hosts/m-p/188894#M70732 <P><A rel="user" href="https://community.cloudera.com/users/12470/theyaamatti.html" nodeid="12470">@Theyaa Matti</A></P><P>You can take a look at the HDFS proxyuser hosts setting as, means the user with name as &lt;USERNAME&gt; will be able to access the test1.example.com,test2.example.com,test3.example.com hosts only.</P><PRE>hadoop.proxyuser.&lt;USERNAME&gt;.hosts=test1.example.com,test2.example.com,test3.example.com</PRE><P>.</P><P><A href="https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html" target="_blank">https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html</A></P> Sat, 04 Nov 2017 00:03:32 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/restrict-WebHDFS-to-be-reachable-only-from-certain-hosts/m-p/188894#M70732 jsensharma 2017-11-04T00:03:32Z https://community.cloudera.com/t5/Archives-of-Support-Questions/restrict-WebHDFS-to-be-reachable-only-from-certain-hosts/m-p/188895#M70733 <P><STRONG>You achieve this by limiting access via firewall rules, other than that KNOX + Kerberos is the built in method.</STRONG></P><P><STRONG><BR /></STRONG></P><P><STRONG>Some resources:</STRONG></P><P><STRONG>Secure Authentication</STRONG>: The core Hadoop uses Kerberos and Hadoop delegation tokens for security. WebHDFS also uses Kerberos (SPNEGO) and Hadoop delegation tokens for authentication.</P><P><A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_knox.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_knox.html</A> </P><P><A href="https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html" target="_blank">https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html</A> </P> Sat, 04 Nov 2017 00:07:22 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/restrict-WebHDFS-to-be-reachable-only-from-certain-hosts/m-p/188895#M70733 jpetro416 2017-11-04T00:07:22Z