Support Questions

Find answers, ask questions, and share your expertise

How can I prevent end-users from using Hadoop service accounts directly (e.g. Ambari,hive..etc)?

avatar
Rising Star
 
1 ACCEPTED SOLUTION

avatar
Master Mentor

@Ned Shawa

Kerberos the envriroment and ambari server

View solution in original post

4 REPLIES 4

avatar
Master Mentor

@Ned Shawa

Kerberos the envriroment and ambari server

avatar
Rising Star

need more elaboration on this, How will kerberos solve the problem?

avatar
Master Mentor

@Ned Shawa Please see this http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_optional_s...

Also, Keep users in edge node only. No access to Master and worker nodes

You can leverage knox for the same purpose.

Once kerberos is in place then only authenticated users will be able to access the environment.

Restricted access to keytabs.

avatar
Master Mentor