This is documentation for MapR Version 5.0. You can also refer to MapR documentation for the latest release.

Skip to end of metadata
Go to start of metadata

MapR allows you to implement a completely custom configuration of security for components within a secure MapR installation. However, about 80% of secure MapR installations actually implement one of two core scenarios.

For reasons driven by dependencies between security options selected for different MapR ecosystem components, these two options are defined in terms of the extent to which you wish to use, or avoid use of Kerberos. If your security plans fit within one of these scenarios, you can implement the component settings described without having to do all the planning to work out the dependencies between security option choices made for different components.

Icon

These scenarios are streamlined to allow you to quickly implement security in a MapR installation with security enabled.

  • If you wish to implement security selectively within a MapR installation where security is not enabled, see the sections for individual ecosystem components in the Ecosystem Guide
  • If you wish to configure a custom security implementation, selecting from the full range of options that are available, see Configuring MapR Security and sections for individual ecosystem components in the Ecosystem Guide

To quickly implement security in a secured MapR cluster, configure security settings for a scenario in which Kerberos is used wherever it is supported:

  • No labels
Page: Maximum Use of Kerberos Scenario Page: Enable Wire-Level Security Page: Perform All Required Kerberos Admin Tasks Page: Configure Pluggable Authentication Modules (PAM) to Use Kerberos Page: Configure Pluggable Authentication Modules (PAM) to Use LDAP Page: Set Up Java Authentication and Authorization Service (JAAS) Page: Enable Impersonation for the mapr Superuser Page: Configuring Browsers for SPNEGO Page: Configure JobTracker with Kerberos Page: Configure YARN with Kerberos Page: Configure Flume to Use Kerberos Page: Enable Impersonation for Flume Page: Configure HBase to use Kerberos Page: Enable HBase Access Control Page: Enable Impersonation for HBase Page: Configure Kerberos Authentication for the HBase REST Gateway Page: Configure Kerberos Authentication for the HBase Thrift 1 Gateway Page: Enable Impersonation in the HBase REST Gateway Page: Enable Impersonation in the HBase Thrift 1 Gateway Page: Configure Hive Metastore to Use Kerberos Authentication Page: Configure Hive Metastore to use MapR-SASL Authentication Page: Configure HiveServer2 to Use Kerberos Authentication Page: Configure HiveServer2 to use MapR-SASL Authentication Page: Configure WebHCat to use Kerberos Authentication Page: Configure Hive Metastore to Use Storage-Based Authorization Page: Enable Impersonation for Hive Page: Configure Drill Impersonation with Hive Page: Configure Drill to Use Kerberos with Hive Metastore Page: Enable Drill Impersonation without Hive Page: Configure Kerberos Authentication for HttpFS Page: Configure PAM Authentication for HttpFS Page: Configure SSL for HttpFS Page: Enable Impersonation for HttpFS Page: Configure Hue to use Kerberos with MapReduce v. 1 (MRv1) Page: Configure Hue to Use Kerberos with MapReduce v. 2 (YARN) Page: Configuring Hue to use MapR-SASL Page: Configure Hue User Interface Authentication Page: Enabling SSL Encryption Between Hue and Hive Page: Enabling SSL Encryption Between Hue and HttpFS Page: Configure Sentry Page: Configuring Impala to Use Sentry Authorization Page: Enabling SSL Encryption for Impala Page: Configure Oozie to Use SSL Page: Enable Impersonation for Oozie Page: Configure MapR-SASL Authentication for Sqoop2 Page: Configuring Kerberos Authentication for Sqoop2