Support Questions

Find answers, ask questions, and share your expertise

logging in to cloudera manager Admin Console without password (kerberos)

avatar
Explorer

Is it possible to use Kerberos ticket to login into Cloudera Manager Admin Console?  

 

I can only see the instruction for enabling http web-console for Hadoop roles but not for admin console:

 

https://www.cloudera.com/documentation/enterprise/6/latest/topics/cm_sg_web_auth.html

 

Step 9: (Optional) Enable Authentication for HTTP Web Consoles for Hadoop Roles

Authentication for access to the HDFS, MapReduce, and YARN roles' web consoles can be enabled using a configuration option for the appropriate service. To enable this authentication:
  1. From the Clusters tab, select the service (HDFS, MapReduce, or YARN) for which you want to enable authentication.
  2. Click the Configuration tab.
  3. Select Scope > service name Service-Wide.
  4. Select Category > Security.
  5. Type Enable Kerberos in the Search box.
  6. Select Enable Kerberos Authentication for HTTP Web-Consoles.
  7. Enter a Reason for change, and then click Save Changes to commit the changes.
  8. When the command finishes, restart all roles of that service.
 
1 ACCEPTED SOLUTION

avatar
Master Guru

@Kevin_Z ,

 

Current releases of Cloudera Manager do not support Kerberos authentication for access to the CM UI and API.

We have added that feature, though, and it is targeted for future releases.

 

View solution in original post

4 REPLIES 4

avatar
Expert Contributor

Hello @Kevin_Z,

 

I haven't come across such scenario or documentation. Most of the documentation talks about login credential while logging on to the CM. And till now, I don't see a any drawback or issue to use it login credential way.

 

It will be very kind of you to please share a particular business case that you would want to use kerberos to login on CM?

avatar
Explorer

Thank for confirming this.

avatar
Explorer

Sorry @Consult  I did not notice your question until now.  The business case is simple. Now a days many people do not use password to login to their window workstation. They use pin/with PIV card, face id, finger print, etc. to login to desktop. Some government agancies do not even give password to users to enforce users not to use password. 

 

Now after login to the desktop account, the user need to login to cloudera CM with the same AD account they used to login to windows. but they don't have the password for the AD account, what can they do?

avatar
Master Guru

@Kevin_Z ,

 

Current releases of Cloudera Manager do not support Kerberos authentication for access to the CM UI and API.

We have added that feature, though, and it is targeted for future releases.