Support Questions

clement_faraon · ‎03-28-2017

Good afternoon ! I 've juste read the HDFS Administration guide and Ranger KMS guide but I am faced with some questions: - Can I use my existing PKI in order to allow data encryption AND user authentification in HDP ? I know that I can use Kerberos or openLDAP, but those ways are still not very well understood for me If someone could help me to better understand, Please !?

Thank you very Much

Clem

VR46 · ‎03-30-2017

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

View solution in original post

VR46 · ‎03-30-2017

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

VR46 · ‎03-30-2017

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

Cloudera Community

Support Questions

Interfacing existing PKI with HDP and Ambari for authentification AND encryption