General Security for Ecosystem Components

Ecosystem components in the MapR Converged Data Platform use the Java Authentication and Authorization Service (JAAS) for security configuration.

  • /opt/mapr/conf/mapr.login.conf file-defines JAAS configurations
  • MAPR_ECOSYSTEM_LOGIN_OPTS environment variable in the /opt/mapr/conf/ file-specifies the JAAS configuration used by installed Ecosystem components
Note: See the Ecosystem Guide for component-specific security configuration information.

When security is enabled, the value of the MAPR_ECOSYSTEM_LOGIN_OPTS is modified to include the hybrid JVM option for hadoop.login. This is equivalent to setting the -Dhadoop.login=hybrid flag at the command line. This setting specifies a mixed security environment using Kerberos and MapR tickets.

The mapr.login.conf file has two stanzas for hybrid security:

 * authenticate using hybrid of kerberos and MapR
 * maprticket must already exist on file system as MapR login module
 * cannot get kerberos identity from subject for implicit login.

hadoop_hybrid { optional
      doNotPrompt=true; required
      checkUGI=false; required; required;
hadoop_hybrid_keytab { optional
      storeKey=true; required
      useServerKey=true; required; required;