Category Archives: Security

New in CDH 5.2: Impala Authentication with LDAP and Kerberos

Categories: CDH Impala Security

Impala authentication can now be handled by a combination of LDAP and Kerberos. Here’s why, and how.

Impala, the open source analytic database for Apache Hadoop, supports authentication—the act of proving you are who you say you are—using both Kerberos and LDAP. Kerberos has been supported since release 1.0, LDAP support was added more recently, and with CDH 5.2, you can use both at the same time.

Using LDAP and Kerberos together provides significant value;

Read More

New in CDH 5.2: Apache Sentry Delegated GRANT and REVOKE

Categories: CDH Hive Hue Impala Security

This new feature, jointly developed by Cloudera and Intel engineers, makes management of role-based security much easier in Apache Hive, Impala, and Hue.

Apache Sentry (incubating) provides centralized authorization for services and applications in the Apache Hadoop ecosystem, allowing administrators to set up granular, role-based protection on resources, and to review them in one place. Previously, Sentry only designated administrators to GRANT and REVOKE privileges on an authorizable object.

Read More

The Early Release Books Keep Coming: This Time, Hadoop Security

Categories: Books Project Rhino Security

Hadoop Security is the latest book from Cloudera engineers in the Hadoop ecosystem books canon.

We are thrilled to announce the availability of the early release of Hadoop Security, a new book about security in the Apache Hadoop ecosystem published by O’Reilly Media. The early release contains two chapters on System Architecture and Securing Data Ingest and is available in O’Reilly’s catalog and in Safari Books.

Meet the Engineer: Sravya Tirukkovalur

Categories: Meet the Engineer Project Rhino Security

Meet Sravya Tirukkovalur (@sravsatuluri), a Software Engineer working on Apache Hadoop security at Cloudera.

What do you do at Cloudera, and in which Apache projects are you involved?

I am a software engineer here at Cloudera, working on the security aspects of the platform. I specifically work on and an active contributor to the Apache Sentry (incubating) project, which is part of the Project Rhino effort with Intel to bring comprehensive security for data protection to Hadoop.

Read More

New in Cloudera Manager 5.1: Direct Active Directory Integration for Kerberos Authentication

Categories: Hadoop How-to Security

With this new release, setting up a separate MIT KDC for cluster authentication services is no longer necessary.

Kerberos (initially developed by MIT in the 1980s) has been adopted by every major component of the Apache Hadoop ecosystem. Consequently, Kerberos has become an integral part of the security infrastructure for the enterprise data hub (EDH).

Until recently, the preferred architecture was to configure your Hadoop cluster to connect directly to an MIT key distribution center (KDC) for authentication services.

Read More