Key Trustee KMS Proxy ACLs confusion

In the Cloudera Security Guide, step 6 on page 303 for adding a Key Trustee KMS Service says "To generate the recommended ACLS, enter the username and group responsible for managing cryptographic keys and click Generate ACLs."

 

Are the username and group mentioned in this step arbitrary or is it referencing a username and group that should have been created as part of some previous configuration?

1 ACCEPTED SOLUTION

The username and/or group should be a user present in Linux and Kerberos that you have designated as the user responsible for managing keys on your cluster, and you can use an existing user/group or create a new one as makes sense in your environment. Typically this would be a group of administrators who you would entrust to configure security for you, so that only one user or a handful of users can grant access.
