Home
6.0 Platform
Provides a brief overview of what the MapR data platform is and how you can use it to solve enterprise business needs.
Security
Security Capabilities
Describes authentication, authorization, and encryption capabilities. A secure MapR environment is predicated on authentication, authorization, and encryption capabilities.
Authentication in MapR
Describes robust MapR authentication that prevents third parties from representing themselves as legitimate users.

MapR 6.0 Documentation

6.0 Platform
Provides a brief overview of what the MapR data platform is and how you can use it to solve enterprise business needs.
- MapR-XD
- MapR-DB
  MapR-DB is an enterprise-grade, high-performance, NoSQL database management system. You can use it for real-time, operational analytics capabilities.
- MapR-ES
  MapR-ES brings integrated publish and subscribe messaging to the MapR Converged Data Platform.
- Cluster Management
- Security
  - Security Capabilities
    Describes authentication, authorization, and encryption capabilities. A secure MapR environment is predicated on authentication, authorization, and encryption capabilities.
    - Built-in Security in MapR
      Introduces a new security setting for MapR platform and ecosystem security.
    - Custom Security in MapR
      Describes the .customSecure file and how MapR 6.x handles custom security settings.
    - Authentication in MapR
      Describes robust MapR authentication that prevents third parties from representing themselves as legitimate users.
    - Authorization in MapR
      Describes the basics of authorization including Access Control Lists and Access Control Expressions.
    - Encryption in MapR
      Describes encryption types available on the MapR Converged Data Platform.
    - Impersonation in MapR
      Describes impersonation in MapR, which allows centralized control of access to resources in the MapR-FS, MapR-DB, and MapR-ES.
    - Auditing in MapR
      MapR allows you to log audit records of cluster-administration operations and operations on directories, files, and tables.
  - Security Architecture
    Describes how the design of the MapR security architecture takes into account the main threats to a secure cluster. By default, MapR provides basic authorization functionality and some authentication.
  - Ports Used for Secure Services
    Lists the ports used by web interfaces for secure Hadoop 2 services
- YARN
- Client Connections

Authentication in MapR

Describes robust MapR authentication that prevents third parties from representing themselves as legitimate users.

Authentication ensures that the identity of the end user or system is known reliably in a network safe way. The core component of user authentication in MapR is the ticket. A ticket is an object that contains specific information about a user, an expiration time, and a key. Tickets uniquely identify a user and are encrypted to protect their contents. You can use tickets to establish sessions between a user and the cluster.

Types of Authentication in MapR

MapR supports two methods of authenticating a user and generating a ticket: a username-password pair and Kerberos. Both of these methods are mediated by the maprlogin utility. When you authenticate with a username-password pair, the system verifies your credentials using Pluggable Authentication Modules (PAM). You can configure the cluster to use any registry that has a PAM module.

MapR tickets contain the following information:

UID (generated from the UNIX user ID)
GIDs (group IDs for each group the user belongs to)
ticket creation time
ticket expiration time (by default, 14 days)
renewal expiration time (by default, 30 days from the date of ticket creation)

A MapR ticket determines the user's identity and the system uses the ticket as the basis for authorization. A MapR cluster with security features enabled does not rely on the client-side operating system identity.

The Security Architecture section discusses the implementation details of these authentication methods.

(Topic last modified: 2018-07-25)