Hi Lewis, Sentry provides role-based access control for a number of Hadoop services. It does not provide the full-stack security hardening you are looking for but it is an important part of the picture. The Cloudera documentation on Sentry goes a long way to explaining what Sentry is and how it works. If you'd like to learn more this a good place to start.
https://www.cloudera.com/documentation/enterprise/5-7-x/topics/sg_sentry_overview.html Secure mode i.e. Kerberos authentication is essential if you are going to run Sentry, otherwise users can trivially bypass the access control provided by Sentry. If you're looking at securing the whole cluster then there's a lot to consider and you could do worse than to read Hadoop Security from O'Reilly Books. http://shop.oreilly.com/product/0636920033332.do Regards, Jim On Wed, Oct 5, 2016 at 8:04 PM, lewis john mcgibbney <lewi...@apache.org> wrote: > Hi Folks, > I've spent the last few nights trying to read through as much of the sentry > documentation as I can and have a couple of very basic questions > particularly surrounding my requirement to have a secure Hadoop ecosystem. > Say for example I want to lock down the entire Hadoop cluster including all > system ports, WebUI's as well as implementation of security based roles and > authorization. Is Sentry the tool to use? Do I also need to have configured > and be running Hadoop in secure mode? > I appreciate any feedback on this one as it is not immediately obvious > looking at the Sentry website and documentation (I don't think) if there > are other options over and above Sentry to make the cluster secure. > Thanks > Lewis > > -- > http://home.apache.org/~lewismc/ > @hectorMcSpector > http://www.linkedin.com/in/lmcgibbney > -- *Jim Halfpenny* Solutions Architect *M* +44 (0) 7793 826085 | jhalfpe...@cloudera.com Cloudera Inc. | www.cloudera.com Celebrating a decade of community accomplishments cloudera.com/hadoop10 #hadoop10
