How to Check Security Settings on a Cluster
Quickly perform a high level check of your cluster’s security configuration by doing one of the following:
Check Security for Cloudera Manager Clusters
Use Cloudera Manager to verify security mechanisms for your cluster by simply examining the properties for the cluster.
For clusters not managed by Cloudera Manager Server, see Check Security for CDH Clusters.
- Log into the Cloudera Manager Admin Console.
- Select Security from the Administration drop-down selector to display a list of managed clusters:
This shows at a glance that both Kerberos and HDFS transparent encryption have been configured for this cluster.
- Select Settings from the Administration drop-down selector to open a search field.
- Enter TLS in the search field to display all TLS related configuration settings.
- Scroll through the displayed results, looking for “Use TLS...” for various services and processes. For example, the test system shown below is not using TLS for the Cloudera Manager
Admin Console:
See How to Configure TLS Encryption for Cloudera Manager for complete information about configuring TLS for the cluster.
To find all TLS settings, cluster-wide, enter "TLS enabled" (or simply, "TLS") in the top-most search field on the Cloudera Manager Admin Console. Then
you can easily select from among the display list to examine the actual setting.
Check Security for CDH Clusters
To check security settings for CDH components not managed by Cloudera Manager, open the configuration file (core-site.xml) in a text editor and examine the property values shown below:
Functionality | Property | Value |
---|---|---|
TLS | hadoop.ssl.enabled | true |
Kerberos | hadoop.security.authentication | kerberos |
hadoop.security.authorization | true |
See Configuring Authentication in CDH Using the Command Line and Configuring TLS/SSL Encryption for CDH Services for more information.