General Security for Ecosystem Components

Describes security configuration for Ecosystem components.

Ecosystem components in the MapR Converged Data Platform use the Java Authentication and Authorization Service (JAAS) for security configuration. The /opt/mapr/conf/mapr.login.conf file defines JAAS configurations. The MAPR_ECOSYSTEM_LOGIN_OPTS environment variable in the /opt/mapr/conf/ file specifies the JAAS configuration used by installed Ecosystem components.

Note: See the Ecosystem Guide for component-specific security configuration information.

When security is enabled, the value of the MAPR_ECOSYSTEM_LOGIN_OPTS environment variable is modified to include the hybrid JVM option for hadoop.login. This is equivalent to setting the -Dhadoop.login=hybrid flag at the command line. This setting specifies a mixed security environment using Kerberos and internal MapR security technologies.

The mapr.login.conf file has two stanzas for hybrid security:

 * authenticate using hybrid of kerberos and MapR
 * maprticket must already exist on file system as MapR login module
 * cannot get kerberos identity from subject for implicit login.

hadoop_hybrid { optional
      doNotPrompt=true; required
      checkUGI=false; required; required;
hadoop_hybrid_keytab { optional
      storeKey=true; required
      useServerKey=true; required; required;