Chapter 6. Implementing Security Using Kerberos

So far, we have covered all that is required to set up an Apache Hadoop cluster running CDH5 and managed by Cloudera Manager. With the cluster now ready to serve large volumes of data to users, the administrator needs to take into account the different users who will be accessing the system. In a production environment, organizations are very stringent about security and expect their data and services to be secure. The administrator needs the tools to secure the Apache Hadoop cluster and to allow only authenticated users to access it. Apart from authentication, the administrator has to be careful about which services in the cluster a user can access. Using Kerberos, the administrator can set up a highly secure cluster with robust authentication for users and services.

In this chapter, we will cover the following topics:

  • Understanding authentication and authorization
  • Introduction to Kerberos
  • Understanding the Kerberos architecture
  • Installing Kerberos
  • Configuring Kerberos for Apache Hadoop
  • Configuring Service Level Authorization in Apache Hadoop

Understanding authentication and authorization

In simple terms, authentication is the process of verifying that an entity is who or what it claims to be. Here, the entity could be a user or a service on the network. For example, when you log in to your e-mail account, the e-mail server authenticates you based on your username and password. In almost every organization, users who are part of the organization's network need to be authenticated before they can log on to the network. Once authenticated, a user should be restricted to only the services that the user is authorized to use. Authorization defines all the resources that a user can access or use. An example of authorization is clearly visible on a Linux system: every file and directory has permissions associated with it, and these permissions decide which users can read, write, or access the file or directory.
