System Behavior Changes and Security

Describes the authentication, communication, and encryption changes that take place after enabling security.

After enabling security features for your cluster, the following behaviors change:

  • Users must authenticate with the maprlogin utility.
  • Components that have web UIs, such as the MapR Control System (MCS), Hive, and Oozie, require authentication.

    Important: Be sure to complete the Configuring PAM task to set up user authentication for MCS logins.
  • Several components that communicate over HTTP use HTTPS instead.
  • Encryption is used for significant network traffic. Not all network traffic can be encrypted. Transmissions between ZooKeeper nodes are not encrypted.
  • Access to a cluster using URIs that use the CLDB node's name or IP address, instead of the cluster name, is no longer supported, as in the following examples. The following URIs no longer work after enabling security:
    
    http://cldb1.cluster.com:7222/f1
    http://10.10.20.10:7221/f1
    The following URIs work after enabling security:
    
    http:///f1 <access f1 in default cluster>
    http://my.cluster.com/f1