Hey Stuti, Hadoop doesn't get configured for LDAP per se, you just need to configure your nodes to do LDAP authentication via pam. Here's a guide:
http://www.howtoforge.com/linux_ldap_authentication Assuming you already have an LDAP server setup, you probably only care about the "Client configuration" section. -Joey On Tue, Feb 14, 2012 at 5:10 AM, Stuti Awasthi <stutiawas...@hcl.com> wrote: > I found this link for HDFS-Proxy setup. It also includes configuration > with LDAP but documentation is for Hadoop 0.21. I am thinking of giving it > a shot with Hadoop 1.0.0 > > http://hadoop.apache.org/hdfs/docs/r0.21.0/hdfsproxy.html#Filter+Module%3A+Proxy+Authentication+and+Access+Control > > Am I on correct path ? > > -----Original Message----- > From: Stuti Awasthi > Sent: Tuesday, February 14, 2012 1:48 PM > To: 'hdfs-user@hadoop.apache.org' > Subject: RE: Security in Hadoop-1.0.0 > > After some googling I found the following link : > http://mapredit.blogspot.in/2011/10/secure-your-hadoop-cluster-part-i.html > http://mapredit.blogspot.in/2011/10/secure-your-hadoop-cluster-part-ii.html > > But these mainly deals with applying LDAP for map-reduce. I want to > configure LDAP for HDFS as well as mapreduce. Please suggest me some links > through which I can configure dfs with LDP also. > > Thanks > > -----Original Message----- > From: Stuti Awasthi > Sent: Tuesday, February 14, 2012 12:28 PM > To: hdfs-user@hadoop.apache.org > Subject: RE: Security in Hadoop-1.0.0 > > Thanks Patrick, > > The concept is clear to me now. As a first step I would like to configure > LDAP with Hadoop. > I am using Apache Hadoop 1.0.0 but not able to find configuration steps in > this version documentation. > It would be really helpful if someone can point me to relevant > documentation of configuring this version of Hadoop with LDAP. > > Thanks > > From: Patrick Angeles [mailto:patrickange...@gmail.com] > Sent: Monday, February 13, 2012 8:29 PM > To: hdfs-user@hadoop.apache.org > Subject: Re: Security in Hadoop-1.0.0 > > LDAP and Kerberos are orthogonal in Hadoop, but both are often used > together. LDAP allows for centralized user/group management (sort of like > DNS for your users). Kerberos is for strong authentication of users. > > When using Kerberos in Hadoop, you want to propagate user/group identities > to all your cluster nodes. (Otherwise, you might authenticate strongly, but > your user ID doesn't exist in a Tasktracker so your job fails.) LDAP > happens to be a common way to do this. > > Typically when you set up Kerberos, you also set up your cluster nodes to > do LDAP authentication. You do this setup at the operating system level > (via PAM). > > Note that you can also use Hue as your user-gateway to Hadoop. In this > scenario, you can use an LDAP backend to authenticate users. You do not > have to (but can) configure Hadoop with Kerberos. > > - P > On Mon, Feb 13, 2012 at 3:11 AM, Stuti Awasthi <stutiawas...@hcl.com> > wrote: > Hi, > I am bit confused on Security part of Hadoop. Cluster is behind the > firewall. I have read that Hadoop can be configured with LDAP also. > I want to know which is better : configure Hadoop security with LDAP or > Kerberos as both provide authentication. > > Please provide me more details on this as I am newbee in this part. > > Thanks > > > -----Original Message----- > From: alo alt [mailto:wget.n...@googlemail.com] > Sent: Monday, February 06, 2012 3:56 PM > To: hdfs-user@hadoop.apache.org > Subject: Re: Security in Hadoop-1.0.0 > > Kerberos tokens and lifetime: > > http://hortonworks.com/the-role-of-delegation-tokens-in-apache-hadoop-security/ > > Security in CDH3 (the same as hadoop) > https://ccp.cloudera.com/display/CDHDOC/CDH3+Security+Guide > > best, > Alex > > -- > Alexander Lorenz > http://mapredit.blogspot.com > > On Feb 6, 2012, at 11:19 AM, Stuti Awasthi wrote: > > > Hi all, > > I started looking into configure security in Hadoop-1.0.0 but do not > find concrete documentation on which kind of security is provided in this > release and how to configure them. > > Currently I am following > > "http://hadoop.apache.org/common/docs/r1.0.0/"; documentation > > > > As per knowledge, Proxy authentication and Kerberos security is provided > in this release of Hadoop. Please point me to some good documentation or > give me some pointers from where I can start this work. > > > > Thanks > > Stuti Awasthi > > > > > > > > ::DISCLAIMER:: > > ---------------------------------------------------------------------- > > ------------------------------------------------- > > > > The contents of this e-mail and any attachment(s) are confidential and > intended for the named recipient(s) only. > > It shall not attach any liability on the originator or HCL or its > > affiliates. Any views or opinions presented in this email are solely > those of the author and may not necessarily reflect the opinions of HCL or > its affiliates. > > Any form of reproduction, dissemination, copying, disclosure, > > modification, distribution and / or publication of this message > > without the prior written consent of the author of this e-mail is > > strictly prohibited. If you have received this email in error please > delete it and notify the sender immediately. Before opening any mail and > attachments please check them for viruses and defect. > > > > ---------------------------------------------------------------------- > > ------------------------------------------------- > > -- Joseph Echeverria Cloudera, Inc. 443.305.9434
