MapR 5.1 is at End of Life (EOL) and no longer supported. Please see the latest documentation. This documentation is not being updated.

Home
5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
Security Guide
Security Architecture
Describes the default security architecture and additional authentication and encryption capabilities.
Encryption Architecture: Wire-Level Security
Provides information that allows you to understand encryption across the MapR platform.

MapR 5.1 Documentation

5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
- Administrator Guide
- Security Guide
  - Security Overview
    Describes the security features of the MapR Converged Data Platform.
  - Security Architecture
    Describes the default security architecture and additional authentication and encryption capabilities.
    - Authentication Architecture: the maprlogin Utility
    - Authorization Architecture: ACLs and ACEs
    - Encryption Architecture: Wire-Level Security
      Provides information that allows you to understand encryption across the MapR platform.
    - Security Protocols Used by MapR
  - Logging into a Secure Cluster
    Describes how to use tickets to access a secure MapR cluster.
  - Tickets and Certificates
    Describes how tickets and certificates authenticate users and servers to a cluster.
  - Getting Started with MapR Security
    Describes the two core scenarios that allow quick implementation of security features.
  - Configuring MapR Security
    Describes how to enable security features and configure the components on a secure cluster.
  - Auditing of Cluster Administration and Operations on Directories, Files, Tables, and Streams
    Describes how to process and use audit records to improve data analysis.

Encryption Architecture: Wire-Level Security

Provides information that allows you to understand encryption across the MapR platform.

MapR uses a mix of approaches to secure the core work of the cluster and the Hadoop components installed on the cluster. For example, nodes in a MapR cluster use different protocols depending on their tasks:

The FileServer, JobTracker, TaskTracker, NodeManager, and ResourceManager use MapR tickets to secure their remote procedure calls (RPCs) with the native MapR security layer. Clients can use the maprlogin utility to obtain MapR tickets. Web UI elements of these components use password security by default, but can also be configured to use SPNEGO.
Hive Metastore, Hue, Flume, and Oozie use MapR tickets by default, but can also be configured to use Kerberos.
HBase require Kerberos for secure communications.
The MCS Web UI is secured with passwords. The MCS Web UI does not support SPNEGO for users, but supports both password and SPNEGO security for REST calls.

Servers must use matching security approaches. When an Oozie server, which supports MapR Tickets and Kerberos, connects to HBase, which supports only Kerberos, Oozie must use Kerberos for outbound security. When servers have both MapR and Kerberos credentials, these credentials must map to the same User ID to prevent ambiguity problems.