MapR 5.1 is at End of Life (EOL) and no longer supported. Please see the latest documentation. This documentation is not being updated.

Home
5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
Security Guide
Security Overview
Describes the security features of the MapR Converged Data Platform.
Authentication in MapR
Provides information about MapR ticket, Kerberos, Pluggable Authentication Module (PAM) authentication.

MapR 5.1 Documentation

5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
- Administrator Guide
- Security Guide
  - Security Overview
    Describes the security features of the MapR Converged Data Platform.
    - Authentication in MapR
      Provides information about MapR ticket, Kerberos, Pluggable Authentication Module (PAM) authentication.
    - Authorization in MapR
      Describes how flexible authorization systems restrict a user's scope.
    - Encryption Used by MapR
      Describes how encrypted data transmission protects communication paths.
    - Impersonation in MapR
      Describes how to give the mapr super user centralized control of the cluster.
    - Auditing in MapR
      Describes how auditing records valuable information about the cluster.
  - Security Architecture
    Describes the default security architecture and additional authentication and encryption capabilities.
  - Logging into a Secure Cluster
    Describes how to use tickets to access a secure MapR cluster.
  - Tickets and Certificates
    Describes how tickets and certificates authenticate users and servers to a cluster.
  - Getting Started with MapR Security
    Describes the two core scenarios that allow quick implementation of security features.
  - Configuring MapR Security
    Describes how to enable security features and configure the components on a secure cluster.
  - Auditing of Cluster Administration and Operations on Directories, Files, Tables, and Streams
    Describes how to process and use audit records to improve data analysis.

Authentication in MapR

Provides information about MapR ticket, Kerberos, Pluggable Authentication Module (PAM) authentication.

Authentication restricts access to a specified set of users. Robust authentication prevents third parties from representing themselves as legitimate users. The core component of user authentication in MapR is the ticket. A ticket is an object that contains specific information about a user, an expiration time, and a key. Tickets uniquely identify a user and are encrypted to protect their contents. Tickets are used to establish sessions between a user and the cluster.

MapR supports two methods of authenticating a user and generating a ticket: a username/password pair and Kerberos. Both of these methods are mediated by the maprlogin utility. When you authenticate with a username/password pair, the system verifies credentials using Pluggable Authentication Modules (PAM). You can configure the cluster to use any registry that has a PAM module.

MapR tickets contain the following information:

UID (generated from the UNIX user ID)
GIDs (group IDs for each group the user belongs to)
ticket creation time
ticket expiration time (by default, 14 days)
renewal expiration time (by default, 30 days from date of ticket creation)

A MapR ticket determines the user's identity and the system uses the ticket as the basis for authorization decisions. A MapR cluster with security features enabled does not rely on the client-side operating system identity.

The Security Architecture section discusses the implementation details of these authentication methods.