When talking to Cloudera, they mentioned that without Kerberos any user can impersonate any other user and get access to his files.
How exactly is it done?
I'd like to have a simple test. I am not sure if one of our Hadoop cluster is properly protected with Kerberos.
Since your real concern seems to be about security rather than impersonating another user, here is a link to a recent blog post that you may find helpful.
Don't let the title stop you from reading it as the article goes beyond what the title describes and provides other links on security.
I won't post a 'how to' but it is a simple as setting variables to the user's username as all Hadoop is doing is check that and then looking up the user and groups on the OS.