Required Role: Cluster Administrator or Full Administrator

Cloudera Manager provides a wizard for integrating your organization's Kerberos instance with your cluster to provide authentication services.

Kerberos must already be deployed in your organization and the Kerberos key distribution center (KDC) must be ready to use, with a realm established. For Hue and Oozie, the Kerberos realm must support renewable tickets.

  Important: Before integrating Kerberos with your cluster, configure TLS/SSL encryption between Cloudera Manager Server and all Cloudera Manager Agent host systems in the cluster. During the Kerberos integration process, Cloudera Manager Server sends keytab file to the Cloudera Manager Agent hosts, and TLS/SSL encrypts the network communication so these files are protected. See How to Configure TLS Encryption for Cloudera Manager for details.

For Active Directory, you must have administrative privileges to the Active Directory instance for initial setup and for on-going management, or you will need to have the help of your AD administrator prior to and during the integration process. For example, administrative access is needed to access the Active Directory KDC, create principals, and troubleshoot Kerberos TGT/TGS-ticket-renewal and take care of any other issues that may arise.

Support

In addition, Cloudera supports the Kerberos version that ships with each supported operating system listed in CDH and Cloudera Manager Supported Operating Systems.

Continue reading:

• Step 1: Install Cloudera Manager and CDH
• Step 2: If You are Using AES-256 Encryption, Install the JCE Policy File
• Step 3: Get or Create a Kerberos Principal for the Cloudera Manager Server
• Step 4: Enabling Kerberos Using the Wizard
• Step 5: Create the HDFS Superuser
• Step 6: Get or Create a Kerberos Principal for Each User Account
• Step 7: Prepare the Cluster for Each User
• Step 8: Verify that Kerberos Security is Working
• Step 9: (Optional) Enable Authentication for HTTP Web Consoles for Hadoop Roles