Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Interfacing existing PKI with HDP and Ambari for authentification AND encryption

avatar
author-rank clement_faraon
New Member

Created ‎03-28-2017 12:49 PM

Good afternoon ! I 've juste read the HDFS Administration guide and Ranger KMS guide but I am faced with some questions: - Can I use my existing PKI in order to allow data encryption AND user authentification in HDP ? I know that I can use Kerberos or openLDAP, but those ways are still not very well understood for me If someone could help me to better understand, Please !?

Thank you very Much

Clem

1,866 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank VR46 author-rank
Guru

Created ‎03-30-2017 08:39 PM

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

View solution in original post

1,711 Views
0 Kudos
2 REPLIES 2

avatar
author-rank VR46 author-rank
Guru

Created ‎03-30-2017 08:39 PM

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

1,711 Views
0 Kudos

avatar
author-rank VR46 author-rank
Guru

Created ‎03-30-2017 08:39 PM

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

1,712 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements