Setting up Kerberos
The first step in the process to establish a secure Hadoop cluster is to set up the Kerberos authentication and ensure that the Kerberos authentication for the Hadoop service principals are working for all the nodes on the cluster. To set up Kerberos, we establish a Kerberos Server (KDC) on a separate node and install the Kerberos client on all nodes of the Hadoop cluster as shown in the following figure:
The following figure illustrates the high-level steps involved in installing and configuring Kerberos. It also shows the various Kerberos utilities that are available.
We will use the following realm and domain for the rest of this chapter:
Domain name: mydomain.com
Realm name: MYREALM.COM
Installing the Key Distribution Center
To set up Kerberos, we need to install the Key Distribution Center (KDC) on a secured server.
On RHEL/CentOS/Fedora, to install Kerberos, run the following command with root privileges:
yum install krb5-server krb5-libs krb5-workstation
Detailed instructions...
