The Teradata Portfolio for Hadoop is a flexible offering of products and services for our customers to integrate Hadoop into a Teradata environment and across a broader enterprise architecture, while taking advantage of the world-class Teradata service and support. The Hadoop Channel covers the hardware and software features, tips and best practices on all the components of the Teradata Portfolio for Hadoop.
As a Hadoop developer or administrator, enabling Kerberos is an essential step towards securing your cluster.
If you are just getting started with Kerberos on Hadoop, I recommend reading the "What is Kerberos?" section of Steve Loughran's excellent "Kerberos and Hadoop" guide.
After enabling Kerberos on your Hadoop cluster, its recommended that you use the ‘tdatuser’ (or some other Linux user with a corresponding Kerberos principal created in the KDC) when interfacing with Hadoop from the command-line. When an MIT KDC is configured via Teradata's HCLI tool, a headless key tab will be created for the ‘tdatuser’ and will be placed in the /etc/security/keytabs/ directory.
Here are some example commands, executed on a CDH 5.9.0 cluster with Kerberos enabled:
Checking which principals have been created on the local MIT KDC: