Showing posts from October, 2012

Secure your cluster with Kerberos

I often get questions about a safe and fast way to secure a cluster without big steps like integrating AD structures, simply to prevent unauthorized access. I created this writeup to let you know the steps you need. I used CentOS 6.3 and CDH 4.0.1, but you can use other distributions as well.

Setup KDC on a Linux Box

Install the kerberos5-related packages, including kadmin. The first thing you have to do is replace EXAMPLE.COM, which is delivered by default, with your own realm. I used ALO.ALT here.

Example config:

    # hadoop1> cat /etc/krb5.conf
    [libdefaults]
     default_realm = ALO.ALT
     dns_lookup_realm = false
     dns_lookup_kdc = false

    [realms]
     ALO.ALT = {
      kdc = HADOOP1.ALO.ALT:88
      admin_server = HADOOP1.ALO.ALT:749
      default_domain = HADOOP1.ALO.ALT
     }

    [domain_realm]
     .alo.alt = ALO.ALT
     alo.alt = ALO.ALT

    [logging]
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmin.log
     default = FILE:/var/log/krb5lib.log

Now tweak your DNS o