Best practices for securing the Hadoop ecosystem components
We looked at the different Hadoop ecosystem components and at how to set up a secured Hadoop ecosystem with all of them. In this section, let us summarize the best practices as follows:
All services running within the Hadoop ecosystem need to authenticate with the KDC. This ensures that no rogue process can carry out malicious activity.
It is a best practice to store the KDC credentials in an LDAP store, so that the credentials and authorizations can be centrally managed.
The keytab file needs to be secured, and only the user for whom the file is created should be given read access to it.
Whenever a Java client accesses the service, the service should authenticate the client using the RPC authentication mechanism.
Whenever user impersonation is used to impersonate an end user by the service user, the service process has to be fully secured by Kerberos and also the host running...
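The keytab rule above can be checked mechanically on each node. The following audit function is an added example, not code from the original text; it assumes Linux with GNU find and stat, keytabs named *.keytab, and a keytab directory that you supply (the path in the usage comment is hypothetical).

```shell
#!/bin/sh
# Added example: audit keytab permissions against the rule stated above.
# Assumptions: GNU find/stat, keytabs end in .keytab, no newlines in names.

# audit_keytabs DIR [EXPECTED_OWNER]
# Prints one FAIL line per problem; returns 1 if anything was reported.
audit_keytabs() {
    kt_dir=$1
    kt_owner=${2:-}
    # A missing directory must not look like a clean result.
    if [ ! -d "$kt_dir" ]; then
        echo "FAIL $kt_dir: not a directory"
        return 1
    fi
    kt_out=$(
        find "$kt_dir" -type f -name '*.keytab' \
            -exec stat -c '%a %U %n' {} + |
        while read -r mode owner file; do
            # The low six bits are the group and other permissions. A keytab
            # holds long-term keys, so any of them set exposes the principal.
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "FAIL $file: mode $mode grants group/other access"
            fi
            # The owner should be the account the keytab was created for.
            if [ -n "$kt_owner" ] && [ "$owner" != "$kt_owner" ]; then
                echo "FAIL $file: owned by $owner, expected $kt_owner"
            fi
        done
    )
    [ -z "$kt_out" ] && return 0
    printf '%s\n' "$kt_out"
    return 1
}

# Typical use (hypothetical path and account):
#   audit_keytabs /etc/security/keytabs hdfs || echo "fix keytab permissions"
```

Running it from a scheduled job or configuration-management check catches keytabs that were copied or regenerated with a permissive umask.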