
restrict WebHDFS to be reachable only from certain hosts


Explorer

Is there a way to limit access to WebHDFS to only users coming from certain hosts? Something similar to hadoop.proxyuser?

Accepted Solutions

Re: restrict WebHDFS to be reachable only from certain hosts

Expert Contributor

You achieve this by limiting access via firewall rules; other than that, KNOX + Kerberos is the built-in method.


Some resources:

Secure Authentication: The core Hadoop uses Kerberos and Hadoop delegation tokens for security. WebHDFS also uses Kerberos (SPNEGO) and Hadoop delegation tokens for authentication.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_k...

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html
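
The firewall approach from the accepted answer, as an added example that is not part of the original thread: a shell function that prints iptables commands allowing the WebHDFS HTTP ports only from an allowlist of client addresses. The ports 50070 and 50075 (Hadoop 2.x defaults for NameNode and DataNode HTTP), the chain name WEBHDFS and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print iptables commands that accept traffic to the WebHDFS
# HTTP ports only from allowlisted sources and drop everything else.
# Assumptions (not from the thread): Hadoop 2.x default ports 50070 (NameNode
# HTTP) and 50075 (DataNode HTTP); the chain name WEBHDFS is made up here.
# WebHDFS redirects clients to DataNodes, so both ports are covered.

WEBHDFS_PORTS="${WEBHDFS_PORTS:-50070,50075}"

# is_ipv4_or_cidr ADDR -> exit 0 if ADDR looks like a.b.c.d or a.b.c.d/nn
is_ipv4_or_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# webhdfs_rules ADDR... -> prints the iptables commands, one per line.
# Returns 1 and prints no rule at all if the list is empty or any address is
# malformed, so a typo never produces a partial ruleset.
webhdfs_rules() {
    [ "$#" -gt 0 ] || { echo "no allowed hosts given" >&2; return 1; }
    for addr in "$@"; do
        is_ipv4_or_cidr "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    # Build the chain completely before hooking it into INPUT.
    echo "iptables -N WEBHDFS"
    for addr in "$@"; do
        echo "iptables -A WEBHDFS -s $addr -j ACCEPT"
    done
    echo "iptables -A WEBHDFS -j DROP"
    echo "iptables -I INPUT -p tcp -m multiport --dports $WEBHDFS_PORTS -j WEBHDFS"
}

# Constructed sample allowlist (documentation address ranges): two edge nodes
# and a subnet standing in for the cluster's own nodes.
webhdfs_rules 192.0.2.10 192.0.2.11 198.51.100.0/24
```

Review the printed commands before running them as root on each NameNode and DataNode. Keep the cluster's own nodes in the allowlist, because the NameNode HTTP port also carries the web UI and checkpoint image transfers.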


Re: restrict WebHDFS to be reachable only from certain hosts

Super Mentor

@Theyaa Matti

You can take a look at the HDFS proxyuser hosts setting as below, which means the user with the name <USERNAME> will be able to access the test1.example.com, test2.example.com, test3.example.com hosts only.

hadoop.proxyuser.<USERNAME>.hosts=test1.example.com,test2.example.com,test3.example.com

https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html
