I am trying to enable SSL for all nodes and services in the cluster. How can I do this? Can someone please point me to some concise documentation where I can do this quickly and safely? Bit confused about Sentry and how it plays into authorization etc. Thanks.
In CM 6, we introduce auto-tls that might be of interest to you if you are setting up a new cluster:
In CM 5, configuring TLS is a manual process that can take a good amount of time. The documentation link provided before should help, but if you are new to TLS, PKI, etc. it may take a while to get everything done.
As for Sentry, you can start reading here:
Is Kerberos authentication mandatory before setting up SSL on Hadoop nodes?
Also, moving to CDH 6 is not an option for us at the moment.
SSL and Kerberos can be configured independently and do not depend on one another functionally.
It is recommended to use a mixture of both to ensure you can restrict access to your cluster via authentication/authorization and then also, with TLS (SSL), protect against snooping of your data over the wire.
If by SSO you mean SAML, then that would only apply to external access points in UIs: Cloudera Manager, Hue, and Navigator. You still need Kerberos for internals such as HDFS and YARN for instance.
Maybe if you can clarify what you are planning for security in your environment, we can help answer more specific questions.