Reply
New Contributor
Posts: 7
Registered: ‎06-06-2019
Accepted Solution

logging in to cloudera manager Admin Console without password (kerberos)

Is it possible to use Kerberos ticket to login into Cloudera Manager Admin Console?  

 

I can only see the instruction for enabling http web-console for Hadoop roles but not for admin console:

 

https://www.cloudera.com/documentation/enterprise/6/latest/topics/cm_sg_web_auth.html

 

Step 9: (Optional) Enable Authentication for HTTP Web Consoles for Hadoop Roles

Authentication for access to the HDFS, MapReduce, and YARN roles' web consoles can be enabled using a configuration option for the appropriate service. To enable this authentication:
  1. From the Clusters tab, select the service (HDFS, MapReduce, or YARN) for which you want to enable authentication.
  2. Click the Configuration tab.
  3. Select Scope > service name Service-Wide.
  4. Select Category > Security.
  5. Type Enable Kerberos in the Search box.
  6. Select Enable Kerberos Authentication for HTTP Web-Consoles.
  7. Enter a Reason for change, and then click Save Changes to commit the changes.
  8. When the command finishes, restart all roles of that service.
 
Highlighted
Expert Contributor
Posts: 92
Registered: ‎01-08-2016

Re: logging in to cloudera manager Admin Console without password (kerberos)

[ Edited ]

Hello @Kevin_Z,

 

I haven't come across such scenario or documentation. Most of the documentation talks about login credential while logging on to the CM. And till now, I don't see a any drawback or issue to use it login credential way.

 

It will be very kind of you to please share a particular business case that you would want to use kerberos to login on CM?

Posts: 1,108
Topics: 1
Kudos: 285
Solutions: 134
Registered: ‎04-22-2014

Re: logging in to cloudera manager Admin Console without password (kerberos)

@Kevin_Z ,

 

Current releases of Cloudera Manager do not support Kerberos authentication for access to the CM UI and API.

We have added that feature, though, and it is targeted for future releases.

 

New Contributor
Posts: 7
Registered: ‎06-06-2019

Re: logging in to cloudera manager Admin Console without password (kerberos)

Thank for confirming this.

New Contributor
Posts: 7
Registered: ‎06-06-2019

Re: logging in to cloudera manager Admin Console without password (kerberos)

Sorry @Consult  I did not notice your question until now.  The business case is simple. Now a days many people do not use password to login to their window workstation. They use pin/with PIV card, face id, finger print, etc. to login to desktop. Some government agancies do not even give password to users to enforce users not to use password. 

 

Now after login to the desktop account, the user need to login to cloudera CM with the same AD account they used to login to windows. but they don't have the password for the AD account, what can they do?