Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

restrict WebHDFS to be reachable only from certain hosts

Labels:
avatar
author-rank theyaa
Rising Star

Created ‎11-03-2017 04:55 PM

Is there a way to limit access to WebHDFS to only users coming from certain hosts? Something similar to hadoop.proxyuser

1,058 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jpetro416
Expert Contributor

Created ‎11-03-2017 05:07 PM

You achieve this by limiting access via firewall rules, other than that KNOX + Kerberos is the built in method.


Some resources:

Secure Authentication: The core Hadoop uses Kerberos and Hadoop delegation tokens for security. WebHDFS also uses Kerberos (SPNEGO) and Hadoop delegation tokens for authentication.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_k...

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html

View solution in original post

967 Views
2 REPLIES 2

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎11-03-2017 05:03 PM

@Theyaa Matti

You can take a look at the HDFS proxyuser hosts setting as, means the user with name as <USERNAME> will be able to access the test1.example.com,test2.example.com,test3.example.com hosts only.

hadoop.proxyuser.<USERNAME>.hosts=test1.example.com,test2.example.com,test3.example.com

.

https://hadoop.apache.org/docs/r2.7.1/hadoop-project-dist/hadoop-common/Superusers.html

967 Views
0 Kudos

avatar
author-rank jpetro416
Expert Contributor

Created ‎11-03-2017 05:07 PM

You achieve this by limiting access via firewall rules, other than that KNOX + Kerberos is the built in method.


Some resources:

Secure Authentication: The core Hadoop uses Kerberos and Hadoop delegation tokens for security. WebHDFS also uses Kerberos (SPNEGO) and Hadoop delegation tokens for authentication.

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/configure_webhdfs_for_k...

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cdh_sg_secure_webhdfs_config.html

968 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements