HADOOP-18627. Add stronger wording in 'secure mode' introduction (#5406)

Make it more clear that when deploying Hadoop 'secure mode' is generally not optional.

Contributed by Arnout Engelen
This commit is contained in:
Arnout Engelen 2023-02-17 17:30:41 +01:00 committed by Steve Loughran
parent b9b999f7b1
commit 477f17be97
No known key found for this signature in database
GPG Key ID: D22CF846DBB162A0
1 changed files with 3 additions and 1 deletions

View File

@ -20,7 +20,9 @@ Hadoop in Secure Mode
Introduction
------------
This document describes how to configure authentication for Hadoop in secure mode. When Hadoop is configured to run in secure mode, each Hadoop service and each user must be authenticated by Kerberos.
In its default configuration, we expect you to make sure attackers don't have access to your Hadoop cluster by restricting all network access. If you want any restrictions on who can remotely access data or submit work, you MUST secure authentication and access for your Hadoop cluster as described in this document.
When Hadoop is configured to run in secure mode, each Hadoop service and each user must be authenticated by Kerberos.
Forward and reverse host lookup for all service hosts must be configured correctly to allow services to authenticate with each other. Host lookups may be configured using either DNS or `/etc/hosts` files. Working knowledge of Kerberos and DNS is recommended before attempting to configure Hadoop services in Secure Mode.