Support Questions
Find answers, ask questions, and share your expertise

As NameNode is wide open, want to secure it without knox or kerberos any other options?????

As NameNode is wide open, want to secure it without knox or kerberos any other options?????

Explorer

Securing Namenode UI and Access only to Administrators ! without knox and Namenode UI?

4 REPLIES 4

Re: As NameNode is wide open, want to secure it without knox or kerberos any other options?????

Super Mentor

@Stinger

I see only Knox and Kerberos (Spnego) as the available standard options to secure NameNode UI access.

However you can check the following link:https://streever.atlassian.net/wiki/display/HADOOP/2014/03/06/Securing+Hadoop+(HDP)+Web+UI+Component...

Or better:

The following document link describes how to configure Hadoop HTTP web-consoles to require user authentication. By default Hadoop HTTP web-consoles (JobTracker, NameNode, TaskTrackers and DataNodes) allow access without any form of authentication.

https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/HttpAuthentication.html

.

Re: As NameNode is wide open, want to secure it without knox or kerberos any other options?????

Explorer

Any correct documentation for NN UI with knox for 2.6?

Re: As NameNode is wide open, want to secure it without knox or kerberos any other options?????

Explorer

This requires kerberos?I can see in the configs

hadoop.http.authentication.kerberos.principalHTTP/_HOST@$LOCALHOSTIndicates the Kerberos principal to be used for HTTP endpoint when using ‘kerberos’ authentication. The principal short name must be HTTP per Kerberos HTTP SPNEGO specification. _HOST -if present- is replaced with bind address of the HTTP server.
hadoop.http.authentication.kerberos.keytab$user.home/hadoop.keytab

Re: As NameNode is wide open, want to secure it without knox or kerberos any other options?????

Super Mentor

@Stinger

Yes, Above requires Kerberos (SPNEGO) will be needed for the http authentication.

.

Regarding your query "Any correct documentation for NN UI with knox for 2.6?"

>>>> There is a HCC article to do so: https://community.hortonworks.com/articles/81713/configure-knox-to-access-hdfs-ui.html