Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

restrict WebHDFS to be reachable only from certain hosts

Labels:
avatar
author-rank theyaa
Rising Star

Created ‎11-03-2017 04:55 PM

Is there a way to limit access to WebHDFS to only users coming from certain hosts? Something similar to hadoop.proxyuser

2,331 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jpetro416
Expert Contributor

Created ‎11-03-2017 05:07 PM

You achieve this by limiting access via firewall rules, other than that KNOX + Kerberos is the built in method.


Some resources:

Secure Authentication: The core Hadoop uses Kerberos and Hadoop delegation tokens for security. WebHDFS also uses Kerberos (SPNEGO) and Hadoop delegation tokens for authentication.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_k...

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html

View solution in original post

2,240 Views
2 REPLIES 2

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎11-03-2017 05:03 PM

@Theyaa Matti

You can take a look at the HDFS proxyuser hosts setting as, means the user with name as <USERNAME> will be able to access the test1.example.com,test2.example.com,test3.example.com hosts only.

hadoop.proxyuser.<USERNAME>.hosts=test1.example.com,test2.example.com,test3.example.com

.

https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html

2,240 Views
0 Kudos

avatar
author-rank jpetro416
Expert Contributor

Created ‎11-03-2017 05:07 PM

You achieve this by limiting access via firewall rules, other than that KNOX + Kerberos is the built in method.


Some resources:

Secure Authentication: The core Hadoop uses Kerberos and Hadoop delegation tokens for security. WebHDFS also uses Kerberos (SPNEGO) and Hadoop delegation tokens for authentication.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_k...

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html

2,241 Views
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements