
How To Enable Kerberos in Cloudera Hadoop Cluster?

In this post, I will explain how to enable Kerberos in a Cloudera Hadoop cluster.

As an introduction, I would advise going through my earlier post, "How To Install & Configure Kerberos Server & Client in Linux?". That post explains how to set up and configure Kerberos in a cluster.


It is assumed that the following are set up and running:

  • Cloudera CDH
  • Cloudera Manager
  • Kerberos server and client are installed in the cluster (read the earlier post for how to do it)

Goal:

Our goal is to enable security on the Cloudera Hadoop cluster by enabling Kerberos authentication.

Prerequisites - Java Cryptography Extension (JCE)

  • The Java Cryptography Extension (JCE) Unlimited Policy File must be installed on all machines within the cluster. Install the one that matches your Java version. Check the Java version using -

$ java -version

  • Download the JCE file from the Oracle website.

  • Once you have downloaded the JCE file, unzip it into the Java runtime security folder (adjust the JDK path to the Java version installed on the machine)

$ unzip -o -j -q Downloads/jce* -d /usr/java/jdk1.8.0_121/jre/lib/security/

  • Restart the Cloudera Server

$ sudo service cloudera-scm-server restart

Now let's start the Kerberos enablement for the Cloudera Hadoop cluster.

Step 1 - Cloudera Manager:


Step 2 - Enable Kerberos:

Step 3 - Select All Options


Step 4 - Fill in The Configuration Details

In this step we need to enter the KDC server IP or hostname, the Kerberos realm name and the encryption type. Please go through my earlier post, "How To Install & Configure Kerberos Server & Client in Linux?", to understand how to create and configure these values. I will use the same details created in that post.

KDC Server Host: <KDC_Server_ip>
Kerberos Security Realm: TESTREALM.LOCAL
Kerberos Encryption Types: aes256-cts-hmac-sha1-96


Step 6 - krb5 Configuration:

Here we set up the configuration file, krb5.conf.

You can choose and change various parameters related to Kerberos and tickets.

Step 7 - Use KDC Admin Credentials:

Enter the KDC admin credentials. These must already have been created. If you don't know how to create KDC admin credentials, please refer to my earlier post, "How To Install & Configure Kerberos Server & Client in Linux?".

After you fill in the admin details correctly, the next screen shows that the wizard was able to authenticate with them successfully.

Step 8 - Select "Ready To Restart" Option:


Step 9 - Verify the Installation:

Let's now verify whether all Kerberos services are working.

  • Log in to any Kerberos root server

  • Check if the Kerberos services are running.

$ service krb5kdc status

$ service kadmin status

We will try to create a new principal.

  • Run the command below -

$ kadmin.local

  • Create a new user/principal. At the kadmin.local prompt use -

kadmin.local: addprinc testuser1@TESTREALM.LOCAL

  • Check that the principal was created. The output should list the testuser1 principal.

kadmin.local: listprincs
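
A further check for the verification step: confirm that the krb5.conf on each host carries the realm entered in Step 4 and does not permit weak encryption types. The shell function below is an added example, not part of the original post; the name audit_krb5_conf, the sample file and the host kdc.example.invalid are assumptions constructed for illustration, and the check goes beyond the single enctype used here by flagging the DES, 3DES and RC4 families.

```shell
#!/bin/sh
# Added example (not from the original post): audit the [libdefaults] section
# of a krb5.conf against the realm chosen in Step 4 and flag weak enctypes.
# Usage: audit_krb5_conf FILE EXPECTED_REALM   (returns 0 if clean, 1 if not)
audit_krb5_conf() {
    awk -v want="$2" '
        /^[ \t]*\[/ {                      # section header such as [libdefaults]
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ || sec != "libdefaults" || !index($0, "=") { next }
        {                                  # split "key = value" and trim both sides
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        }
        key == "default_realm" {
            realm_seen = 1
            if (val != want) { print "FAIL default_realm=" val " (expected " want ")"; bad = 1 }
        }
        key == "allow_weak_crypto" && tolower(val) ~ /^(true|yes|on|1|y|t)$/ {
            print "FAIL allow_weak_crypto is enabled"; bad = 1
        }
        key ~ /^(permitted_enctypes|default_tkt_enctypes|default_tgs_enctypes)$/ {
            n = split(val, t, /[ \t,]+/)
            for (i = 1; i <= n; i++)       # single DES, 3DES and RC4 families
                if (tolower(t[i]) ~ /^[+]?(des|arcfour|rc4)/) {
                    print "FAIL " key " allows " t[i]; bad = 1
                }
        }
        END {
            if (!realm_seen) { print "FAIL default_realm is not set"; bad = 1 }
            if (!bad) print "OK " FILENAME
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample file: values from Step 4 plus one deliberately weak entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
 default_realm = TESTREALM.LOCAL
 default_tkt_enctypes = aes256-cts-hmac-sha1-96
 permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac
[realms]
 TESTREALM.LOCAL = { kdc = kdc.example.invalid }
EOF
audit_krb5_conf "$sample" TESTREALM.LOCAL || echo "krb5.conf needs attention"
rm -f "$sample"
```

On a cluster host the function would be pointed at /etc/krb5.conf, with the realm from Step 4 as the second argument.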

Hope you find this post helpful.  
