Support Questions

Find answers, ask questions, and share your expertise

Authentication methods for Cloudera Express 6.3 (Cloudera Manager)

avatar
Rising Star

Greetings,

 

I am looking for a way to enforce password complexity requirements, mandatory rotation of passwords and mitigation of brute force password cracking attacks on Cloudera Manager (CM) accounts.

 

I was researching user authentication options in the free version of CM and came to the conclusion that the only available option is Kerberos and SPNEGO, paired with Kerberos password policies.

 

In CM I enabled "Enable SPNEGO/Kerberos Authentication for the Admin Console and API", but I didn't notice anything different after restarting the service.

 

Are there other options (for the free version of CM 6.3) that I am missing? What are the options in the paid version?

 

Thank you, Kind regards,

Julius

1 ACCEPTED SOLUTION

avatar
Guru

Hi @matagyula ,

 

Thanks for reaching out to Cloudera community.

 

Password complexity and account expiration for users in Cloudera Manager is available through external authentication backends. Please note, this need Cloudera Enterprise license.

You can configure external authentication to LDAP/Active Directory or SAML. Read more from below doc:

https://docs.cloudera.com/documentation/enterprise/latest/topics/cm_sg_external_auth.html

 

However, above does not apply to the CM internal users. We currently have an internal jira which will enhance the validation to the passwords for local CM users adhere to a reasonable policy and it will come in future releases.

 

Thanks and hope this helps!

Li Wang, Technical Solution Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Terms of Service

Community Guidelines

How to use the forum

View solution in original post

2 REPLIES 2

avatar
Guru

Hi @matagyula ,

 

Thanks for reaching out to Cloudera community.

 

Password complexity and account expiration for users in Cloudera Manager is available through external authentication backends. Please note, this need Cloudera Enterprise license.

You can configure external authentication to LDAP/Active Directory or SAML. Read more from below doc:

https://docs.cloudera.com/documentation/enterprise/latest/topics/cm_sg_external_auth.html

 

However, above does not apply to the CM internal users. We currently have an internal jira which will enhance the validation to the passwords for local CM users adhere to a reasonable policy and it will come in future releases.

 

Thanks and hope this helps!

Li Wang, Technical Solution Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Terms of Service

Community Guidelines

How to use the forum

avatar
Rising Star

Hi @lwang ,

 

Thank you very much for your reply, it answered all the questions I had.

 

Kind regards,

Julius