Thanks 🙂 ... View more

And a lot of other components have TLS in Security section ...   Are those mandatory or only needed for Kerberos? ... View more

@Fawze,   Currently, LDAP authentication for Cloudera Manager is only available in Cloudera Enterprise as outlined here:   https://www.cloudera.com/documentation/enterprise/latest/topics/cm_ig_feature_differences.html   If you wish to discuss licensing options with Sales, the following form can be used:   https://www.cloudera.com/contact-sales.html   Ben     ... View more

Hi @IgorYakushin,   To add to what @mbigelow mentioned, you can enable Kerberos without using TLS to secure communication between your agents and Cloudera Manager, but that would allow the kerberos keytabs to be transmitted from Cloudera Manager to your agents in the clear (risking a malicious party gaining access to your ketyab).   Most of the security you will likley need is taken care of by inabling TLS for Agent communication in this section: Configuring TLS Encryption for Cloudera Manager Agents   This will encrypt communication when the agent gets the keytabs and other files from CM.   If you want more security by having the agents do verification of Cloudera Manager's certificate signer and hostname, then you can configure your trust file for each agent (to trust the CM signer).   In summary, you don't need to have TLS enabled to enable Kerberos.  If you need to protect the keytabs, enable TLS Encryption for Agents. If you need higher security by having the agents trust the signer of the Cloudera Manager server certificate, you can proceed with the other steps: https://www.cloudera.com/documentation/enterprise/latest/topics/how_to_configure_cm_tls.html#topic_3   Ben     ... View more