Search
Acceldata Open Source Data Platform
ODP 3.2.3.2-2
Release Notes
What is ODP
Installation
Configuration and Management
Upgrade
USER GUIDES
Security
Uninstall ODP
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Druid
Summarize Page
Copy Markdown
Open in ChatGPT
Open in Claude
Connect to Cursor
Connect to VS Code
Overview
Following the installation of Druid through Ambari UI, you can strengthen security by introducing authentication or authorization features as per your requirements.
Enabling Kerberos in Druid
Enabling Kerberos for Druid in Ambari triggers an automatic update of the necessary Kerberos configurations in Druid, ensuring a simple and efficient integration of security measures.
To enable Kerberos in Druid, the following updates are necessary:
- Include "druid-kerberos" in the loaded extensions list found in Advanced Druid-Common under "druid.extensions.loadList”.
- Add the following configurations to Custom Druid-Common. Here are the Kerberos configurations specific to Druid:
Bash
x
druid.auth.authenticatorChain=["kerberos"]druid.auth.authenticator.kerberos.type=kerberosdruid.auth.authenticator.kerberos.cookieSignatureSecret=cookie-signature-secretdruid.auth.authenticator.kerberos.serverKeytab=/etc/security/keytabs/spnego.service.keytabdruid.auth.authenticator.kerberos.serverPrincipal=<Default values added by Amabri HTTP/_HOST@ADSRE.COM >druid.auth.authenticator.kerberos.authToLocal=<This value will be added by ambari by-defaut>druid.hadoop.security.authentication=kerberosdruid.hadoop.security.kerberos.keytab=<druid.headless.keytab location>druid.hadoop.security.kerberos.principal=<Druid-kerberos-Principle-name>druid.escalator.type=kerberosdruid.escalator.internalClientPrincipal=<Druid-kerberos-Principle-name >druid.escalator.internalClientKeytab=/etc/security/keytabs/druid.headless.keytabdruid.escalator.authorizerName=<basic/ldapauth>Presented below is an illustrative example:
Bash
druid.auth.authenticatorChain=["kerberos"]druid.auth.authenticator.kerberos.type=kerberosdruid.auth.authenticator.kerberos.cookieSignatureSecret=cookie-signature-secretdruid.auth.authenticator.kerberos.serverKeytab=/etc/security/keytabs/spnego.service.keytabdruid.auth.authenticator.kerberos.serverPrincipal=HTTP/_HOST@ADSRE.COMdruid.auth.authenticator.kerberos.authToLocal=<This value will be added by ambari by-defaut>druid.hadoop.security.authentication=kerberosdruid.hadoop.security.kerberos.keytab=/etc/security/keytabs/druid.headless.keytabdruid.hadoop.security.kerberos.principal=druid-odp_focal@ADSRE.COMdruid.escalator.type=kerberosdruid.escalator.internalClientPrincipal=druid-odp_focal@ADSRE.COMdruid.escalator.internalClientKeytab=/etc/security/keytabs/druid.headless.keytabdruid.escalator.authorizerName=basicEnabling LDAP on Druid
To enable authentication and authorization for Druid, incorporate the provided configurations into the Custom Druid-Common settings.
Here are the Kerberos configurations specific to Druid.
Bash
druid.auth.authenticator.ldap.authorizerName=ldapauthdruid.auth.authenticator.ldap.credentialsValidator.baseDn=<base-dn>druid.auth.authenticator.ldap.credentialsValidator.bindPassword=<bindPassword>druid.auth.authenticator.ldap.credentialsValidator.bindUser=<bindUser>druid.auth.authenticator.ldap.credentialsValidator.type=ldapdruid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:<port>druid.auth.authenticator.ldap.credentialsValidator.userAttribute=<userAttribute>druid.auth.authenticator.ldap.credentialsValidator.userSearch=<userSearch>druid.auth.authenticator.ldap.enableCacheNotifications=truedruid.auth.authenticator.ldap.type=basicdruid.auth.authenticatorChain=["ldap"]druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=<ldapGroup-Attribute>druid.auth.authorizer.ldapauth.initialAdminRole=admindruid.auth.authorizer.ldapauth.initialAdminUser=admindruid.auth.authorizer.ldapauth.roleProvider.type=ldapdruid.auth.authorizer.ldapauth.type=basicdruid.auth.authorizers=["ldapauth"]druid.escalator.type=basicdruid.escalator.authorizerName=ldapauthdruid.escalator.internalClientUsername=<internal-Client-Username>druid.escalator.internalClientPassword=<internal-Client-Password>Presented below is an illustrative example.
Bash
druid.auth.authenticator.ldap.authorizerName=ldapauthdruid.auth.authenticator.ldap.credentialsValidator.baseDn=dc=hadoop,dc=apache,dc=orgdruid.auth.authenticator.ldap.credentialsValidator.bindPassword=admin-passworddruid.auth.authenticator.ldap.credentialsValidator.bindUser=uid=admin,ou=people,dc=hadoop,dc=apache,dc=orgdruid.auth.authenticator.ldap.credentialsValidator.type=ldapdruid.auth.authenticator.ldap.credentialsValidator.url=ldap://<ldap_host>:33389druid.auth.authenticator.ldap.credentialsValidator.userAttribute=uiddruid.auth.authenticator.ldap.credentialsValidator.userSearch=(&(cn=%s)(objectClass=inetOrgPerson))druid.auth.authenticator.ldap.enableCacheNotifications=truedruid.auth.authenticator.ldap.type=basicdruid.auth.authenticatorChain=["ldap"]druid.auth.authorizer.ldap.roleProvider.ldapGroupAttribute=memberdruid.auth.authorizer.ldapauth.initialAdminRole=admindruid.auth.authorizer.ldapauth.initialAdminUser=admindruid.auth.authorizer.ldapauth.roleProvider.type=ldapdruid.auth.authorizer.ldapauth.type=basicdruid.auth.authorizers=["ldapauth"]druid.escalator.type=basicdruid.escalator.authorizerName=ldapauthdruid.escalator.internalClientUsername=internal@example.comdruid.escalator.internalClientPassword=internaluserpasswordType to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Last updated on Jan 25, 2024
Was this page helpful?
Next to read:
Enabling Kerberos in DruidDiscard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message