Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Kerberised HDF cluster

joe_harvyy
Explorer

Created ‎03-12-2017 04:25 PM

Hi,

From my understanding, enabling SSL in NiFi and connecting to LDAP is enough for security. What's the advantage of HDF Kerberisation ? is it only for Kafka and Storm ?

Can I have a non-Kerberised HDF cluster talking with a Kerberised HDF cluster

Thanks

1,089 Views
3 REPLIES 3

maheshmsh88
Expert Contributor

Created ‎03-13-2017 01:03 PM

Hi Joe,

Please refer following useful links for answer.

What's the advantage of HDF Kerberisation ?

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/ch_hdp-security-guide-ov...

is it only for Kafka and Storm ?

https://hortonworks.com/blog/enabling-kerberos-hdp-active-directory-integration/

https://hortonworks.com/blog/office-hours-qa-on-yarn-in-hadoop-2/

Hope this will be useful.

714 Views
0 Kudos

joe_harvyy
Explorer

Created ‎03-13-2017 01:27 PM

My questions are for HDF not HDP

714 Views
0 Kudos

MattWho
Master Guru

Created ‎03-13-2017 02:42 PM

@Joe Harvy

NiFi as an application provides multiple supported methods of user authentication. (User certs, Spenego, LDAP, etc...) NiFi server authentication within NiFi is always done via SSL.

Enabling Kerberos in HDF will change your NiFi to use kerberos for authentication. If you prefer to use LDAP that is fine and there is no need to enable Kerberos on NiFi.

NiFi can communicate with other kerberized and non-kerberized service/applications. The method NiFi is configured to use for user authentication has no role in that communication. Various processor support different end-point applications using kerberos differently (some require on configurations in processors, others require some added properties in the nifi.properties file, other require a jaas file, etc..). The reason these are all implemented differently is because each of the end-point applications client libraries which NiFi includes and are different in how they implement kerberos support.

Bottom line, having two HDF clusters communicate with one another from a NiFi standpoint has no bearing on kerberos since server to server authentication in NiFi always uses SSL certificates for mutual authentication.

Thanks,

Matt

714 Views
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
[ANNOUNCE] CDP Private Cloud Data Services 1.5.0 Released
Community Announcements
January 2023 Community Highlights
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector 2.6.30 for Impala is Released
What's New @ Cloudera
Cloudera Operational Database (COD) provides a CLI option to enable HBase region canaries
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an operational database using a predefined Data Lake template
View More Announcements