Support Questions

Find answers, ask questions, and share your expertise

Interfacing existing PKI with HDP and Ambari for authentification AND encryption

Good afternoon ! I 've juste read the HDFS Administration guide and Ranger KMS guide but I am faced with some questions: - Can I use my existing PKI in order to allow data encryption AND user authentification in HDP ? I know that I can use Kerberos or openLDAP, but those ways are still not very well understood for me If someone could help me to better understand, Please !?

Thank you very Much

Clem

1 ACCEPTED SOLUTION

Guru

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

View solution in original post

2 REPLIES 2

Guru

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !

Guru

Hello @faraon clément,

You can use your existing PKI intrastructure for securing the communication channel inside as well as outside of your Hadoop cluster. But same can not be used for either authentication or data encryption.

Kerberos is the de-fecto standard accepted & supported by Hadoop services when it comes to user authentication. Similarly you will have to use Ranger KMS to encrypt the data you are storing in HDFS.

Hope this helps !