Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Secure Webhdfs in Hadoop Hortonworks Cluster

avatar
author-rank asmarz
Contributor

Created ‎01-27-2020 08:48 AM

Dear community

 

I have installed a hadoop cluster on 8 servers using Ambari Hortonworks.

I am able to access webhdfs using the ip address and the default port 50070 without authentication.

 

How can I secure Webhdfs?

 

P.S I did not enable using kerberos in Ambari > Enable kerberos , should I do it?

 

Any suggestion will be appreciated

Thanks

Asma

4,101 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎02-03-2020 01:03 PM

@asmarz 

Good to know that your original issue is resolved.  However for any subsequent slightly different issue it is always better to open a new Community Thread that way the readers of this thread can easily find out One Error/Issue with one Solution.    Multiple issues in a single thread can cause readers to get confused.

.

If your question is answered then, Please make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

 

View solution in original post

3,943 Views
10 REPLIES 10

avatar
author-rank willieken49
New Contributor

Created on ‎02-03-2020 11:42 PM - edited ‎02-03-2020 11:43 PM

  1. Set the value of the dfs.webhdfs.enabled property in hdfs-site.xml to true.
    <property>
  <name>dfs.webhdfs.enabled</name>
  <value>true</value> 
</property>
  2. Create an HTTP service user principal.
    kadmin: addprinc -randkey HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM
    where:
    • Fully_Qualified_Domain_Name: Host where the NameNode is deployed.
    • Realm_Name: Name of your Kerberos realm.
  3. Create a keytab file for the HTTP principal.
    kadmin: xst -norandkey -k /etc/security/spnego.service.keytab HTTP/$<Fully_Qualified_Domain_Name>
  4. Verify that the keytab file and the principal are associated with the correct service.
    klist –k -t /etc/security/spnego.service.keytab
  5. Add the dfs.web.authentication.kerberos.principal and dfs.web.authentication.kerberos.keytab properties to hdfs-site.xml.
    <property>
  <name>dfs.web.authentication.kerberos.principal</name>
  <value>HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM</value>
</property>
<property>
  <name>dfs.web.authentication.kerberos.keytab</name>
  <value>/etc/security/spnego.service.keytab</value>
</property>
  6. Restart the NameNode and the DataNodes.
1,623 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements