MapR 5.0 Documentation : Securing Open Source Components

Security for Open Source Components

Open source components on a MapR cluster have several options for security. See the Ecosystem Guide for component-specific instructions. 

General Security Configuration with JAAS

Open source components in the MapR distribution for Hadoop use the Java Authentication and Authorization Service (JAAS) for security configuration.  The /opt/mapr/conf/mapr.login.conf file defines JAAS configurations. The MAPR_ECOSYSTEM_LOGIN_OPTS environment variable in the /opt/mapr/conf/ file specifies the JAAS configuration used by installed open source components. When security is enabled, the value of the MAPR_ECOSYSTEM_LOGIN_OPTS environment variable is modified to include the hybrid JVM option for hadoop.login. This is equivalent to setting the -Dhadoop.login=hybrid flag at the command line.This setting specifies a mixed security environment using Kerberos and internal MapR security technologies.

The mapr.login.conf file has two stanzas for hybrid security:

 * authenticate using hybrid of kerberos and MapR
 * maprticket must already exist on file system as MapR login module
 * cannot get kerberos identity from subject for implicit login.

hadoop_hybrid { optional
      doNotPrompt=true; required
      checkUGI=false; required; required;
hadoop_hybrid_keytab { optional
      storeKey=true; required
      useServerKey=true; required; required;