Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

how to do security between services(hive, yarn,etc) to your ranger-plugins and ranger-plugins to ranger-admin ?

New Contributor

how do you do security for your cluster ? my cluster has several services and I want to secure them. What's your typical configurations for the below 2 parts ?

1. service to ranger-plugin. e.g. hive connect to ranger-hive-plugins, how many types securities are supported ? is there Kerberos ?

2. ranger-plugin to ranger-admin, ranger-plugins fetch policy from ranger-admin ? is there kerberos also or something else ?

1 REPLY 1

Super Guru
@xiang sheng

1. service to ranger-plugin. e.g. hive connect to ranger-hive-plugins, how many types securities are supported ? is there Kerberos ?

Kerberos is to authenticate across different componentsin Hadoop (pretty much all). Ranger has a plugin for HiveServer2 and that's how Ranger provides authorization for Hive tables.

2. ranger-plugin to ranger-admin, ranger-plugins fetch policy from ranger-admin ? is there kerberos also or something else?

You can use Unix, LDAP or AD to authenticate to Ranger admin.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/configure_ranger_authen...

For each servce that is kerberized, you will create a os user and kerberos principal and then give that user access to run a plugin process as part of the service. This user is how Ranger is able to access the service(s). See following link:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_security/content/hdfs_plugin_kerberos.ht...