Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger KMS client server communication

Ranger KMS client server communication

New Contributor

Want to understand how to secure the communication between HDFS Name node AND Ranger KMS for HDFS data-at-rest encryption

1) Is hadoop KMS REST API used between the two or something else?

2) Is basic authentication supported with the REST API call and how to configure if supported?

3) Is HTTPs supported and how to configure if supported?

3 REPLIES 3
Highlighted

Re: Ranger KMS client server communication

@Yi Wang

1. The KMS rest API is used by other clients as well when reading data from hdfs.

2. AFAIK in non secured environment it uses basic auth by default. However you can use kerberos for authentication.

3. SSL documentation steps are here:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/ch04s20s02s04s03.html

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

Re: Ranger KMS client server communication

@Yi Wang

Did the above helped answer your questions?

Re: Ranger KMS client server communication

New Contributor

If we want to have secure communication (i.e SSL enabled) b/w HDFS client and KMS,then does it require the whole cluster to be SSL enabled?

Don't have an account?
Coming from Hortonworks? Activate your account here