Support Questions

ateka_18 · ‎02-04-2021

Hello All,

We have been informed to migrate from LDAP to LDAPS. Hence we are changing the configuration from ldap to ldaps in hue and hive as already we have SSL/TLS enabled, But I do have one question in hdfs configuration it as set hadoop.rpc.protection = authentication. So we thought of making changes to this as well by changing it from authentication to privacy.

What is the suggestion regarding this, is it the best practice what we are planning to do or should we keep the same as authentication. Is there any impact after the change.

shsingh · ‎02-11-2021

Hello there,

The below property would be required if you would like to set RPC encryption[1]:

hadoop.rpc.protection = privacy

authentication : authentication only (default); integrity : integrity check in addition to authentication; privacy : data encryption in addition to integrity

RPC encryption [2]:The most common way for a client to interact with a Hadoop cluster is through RPC. A client connects to a NameNode (NN) over RPC protocol to read or write a file. RPC connections in Hadoop use Java’s Simple Authentication & Security Layer (SASL) which supports encryption. When hadoop.rpc.protection property is set to 'privacy' the data over RPC is encrypted with symmetric keys.

Ref: [1] https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/configuring-wire-encryption/content/enabling_rpc_encryption.html

Kindly check the below Additional references for Wire Encryption and RPC Encryption blog post with detailed explanation[3]:

Ref: [2] https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/configuring-wire-encryption/content/wire_encryption.html
Ref: [3] https://blog.cloudera.com/wire-encryption-hadoop/

Ref: [4] Apache Jir Ref: Hadoop in Secure Mode:

https://hadoop.apache.org/docs/r2.8.0/hadoop-project-dist/hadoop-common/SecureMode.html

Hope this helps! Let me know if you have any queries.