
Kerberised HDF cluster

Explorer

Hi,

From my understanding, enabling SSL in NiFi and connecting to LDAP is enough for security. What's the advantage of HDF Kerberisation? Is it only for Kafka and Storm?

Can I have a non-Kerberised HDF cluster talking with a Kerberised HDF cluster?

Thanks

3 REPLIES

Expert Contributor

Explorer

My questions are for HDF not HDP

Master Guru

@Joe Harvy

NiFi as an application provides multiple supported methods of user authentication (user certs, SPNEGO, LDAP, etc.). NiFi server authentication within NiFi is always done via SSL.

Enabling Kerberos in HDF will change your NiFi to use Kerberos for authentication. If you prefer to use LDAP, that is fine and there is no need to enable Kerberos on NiFi.

NiFi can communicate with other kerberized and non-kerberized services/applications. The method NiFi is configured to use for user authentication has no role in that communication. Various processors support different end-point applications using Kerberos differently (some require configurations in processors, others require some added properties in the nifi.properties file, others require a JAAS file, etc.). The reason these are all implemented differently is that the end-point applications' client libraries which NiFi includes differ in how they implement Kerberos support.

Bottom line, having two HDF clusters communicate with one another from a NiFi standpoint has no bearing on Kerberos, since server-to-server authentication in NiFi always uses SSL certificates for mutual authentication.

Thanks,

Matt
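
The separation described in the reply above, sketched as a `nifi.properties` fragment. This is an added example, not part of the thread or of any HDF default configuration; the hostname, file paths, passwords and the `ldap-provider` identifier (which must match an entry in `login-identity-providers.xml`) are placeholder assumptions.

```properties
# --- Server identity and server-to-server authentication: TLS only ---
# The keystore holds this node's certificate; the truststore decides which
# peer certificates (other nodes, the remote HDF cluster) are accepted.
nifi.web.https.host=nifi-a.example.internal
nifi.web.https.port=9443
nifi.security.keystore=/opt/nifi/conf/keystore.jks
nifi.security.keystoreType=JKS
nifi.security.keystorePasswd=<keystore-password>
nifi.security.keyPasswd=<key-password>
nifi.security.truststore=/opt/nifi/conf/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=<truststore-password>

# Site-to-Site between NiFi instances uses the keystore/truststore above
# for mutual TLS, whether or not either cluster is kerberized.
nifi.remote.input.secure=true
nifi.cluster.protocol.is.secure=true

# --- User authentication: LDAP in this sketch ---
# Users without a client certificate log in through this provider.
nifi.security.user.login.identity.provider=ldap-provider

# SPNEGO left empty: Kerberos is not used for user login here.
nifi.kerberos.spnego.principal=
nifi.kerberos.spnego.keytab.location=

# --- Kerberos for end-point client libraries only ---
# Lets processors that talk to kerberized services (for example the HDFS
# processors) locate the KDC. It does not change how users log in or how
# NiFi nodes authenticate to each other.
nifi.kerberos.krb5.file=/etc/krb5.conf
```

With this layout the remote cluster only needs this node's certificate chain in its truststore (and vice versa); which login provider either side uses for its users does not enter into the Site-to-Site handshake.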