HPE Ezmeral Data Fabric 6.1.x is In Maintenance and transitions to "End of Maintenance" in June 2024. Please see the latest documentation.

About MapR 6.1
This site contains the main documentation for Version 6.1 of the MapR Converged Data Platform, including installation, configuration, administration, and reference information.
6.1 Installation
This section contains information about installing and upgrading MapR software. It also contains information about how to migrate data and applications from an Apache Hadoop cluster to a MapR cluster.
6.1 MapR Data Platform
MapR Data Platform is the industry-leading data platform for AI and analytics that solves enterprise business needs.
6.1 Administration
This section describes how to manage the nodes and services that make up a cluster.
- Administering Users and Clusters
  Lists topics that help manage a MapR cluster.
- Administering Nodes
  Provides a synopsis of managing nodes in a cluster.
- Administering Volumes
  This section provide information about how to organize and manage data using volumes, a unique feature of MapR clusters.
- Administering Files and Directories
- Administering Tables
  Administration of the MapR Database is done primarily via the command line (maprcli) or with the Managed Control System (MCS). Regardless of whether the MapR Database table is used for binary files or JSON documents, the same types of commands are used with slightly different parameter options. MapR Database administration is associated with tables, columns and column families, and table regions.
- Administering Streams
- Administering MapR Gateways
  A MapR gateway mediates one-way communication between a source MapR cluster and a destination cluster. You can replicate MapR Database tables (binary and JSON) and MapR Event Store For Apache Kafka streams. MapR gateways also apply updates from JSON tables to their secondary indexes and propagate Change Data Capture (CDC) logs.
- Administering Services
- Monitoring the Cluster
  This section describes how to monitor the health and performance of a MapR cluster.
- Configuring Security
  Describes how to configure security and manage secure clusters.
  - Configuring Data-Fabric Security
    Provides usage information for frequently used security functionality, including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.
    - Getting Started with MapR Security
      Describes quick implementation of security.
    - Managing Encryption for MapR Core
      Provides information that allows you to use encryption across the MapR platform.
    - Determining if a Cluster is Secure and Enabled for Encryption
      Explains how to use the Control System, the CLI, and REST API to determine whether a cluster is secure and whether on-wire encryption and data-at-rest encryption are enabled at the cluster and volume levels.
    - Configuring Authentication
      Provides information about MapR ticket, Kerberos, Pluggable Authentication Module (PAM) authentication.
      - Managing Tickets
        Introduces authentication using tickets for users and MapR servers.
        How Tickets Work
        Explains the concept of tickets and how they work.
        Generating a MapR User Ticket
        Describes what a user ticket is, and how to generate a user ticket.
        Generating a Service Ticket
        Generating a Service with Impersonation Ticket
        Generating a Ticket for a Tenant
        Explains what tenant tickets are and how to generate one.
        Generating a MapR Ticket from a Kerberos Ticket
        Configuring MapR PAM Authenticator
      - Configuring Kerberos
        Describes how Kerberos works with MapR tickets.
      - Configuring PAM
        Describes how PAM works with MapR.
    - Managing Access Controls
      Describes how to create, enable, and use ACLs and ACEs.
    - Customizing Security in MapR
      Describes the .customSecure file and how MapR 6.x handles custom security settings.
  - Managing Impersonation
    Provides instructions for enabling and using MapR impersonation features.
- Managing Secure Clusters
  Provides procedures that will enable you to use MapR clusters securely.
- Administering the MapR Data Access Gateway
  The MapR Data Access Gateway is a service that acts as a proxy and gateway for translating requests between lightweight client applications and the MapR cluster. This section describes considerations when upgrading the service, how to modify configuration settings, and how to administer and manage the service.
- Planning for High Availability
- Administrator's Reference
  This section contains in-depth reference information for the administrator.
- Troubleshooting Cluster Administration
  Lists the common errors and their solutions.
- Best Practices for Backing Up MapR Information
  Lists the best practices and performance considerations to follow when backing up MapR information.
6.1 Development
This section contains information related to application development for Ezmeral ecosystem components and MapR Data Platform products, including the file system, Database (Key-Value and JSON), and Event Streams.
Other Docs
This section contains release-independent information, including: MapR Installer documentation, Ecosystem release notes, interoperability matrices, security vulnerabilities, and links to other MapR version documentation.
Glossary
Definitions for commonly used terms in MapR Converged Data Platform environments.

How Tickets Work

Explains the concept of tickets and how they work.

When an authenticated user runs a client, the client uses that user's ticket to communicate securely with the server. After Enabling Wire-level Security, supported communications channels between client and server are encrypted.

Nodes use tickets to identify themselves to one another in order to prevent spoofing. Spoofing is a condition where an untrusted machine presents itself as a trusted machine to gain access to the cluster.

User Blocking

System administrators can use the command line interface to block a user. The command to block invalidates all of a user's tickets. After a block command is received by the CLDB, the name of the blocked user is sent to all FileServer nodes. These nodes reject any request sent by that user that has a ticket older than the block time stamp. Due to the nature of this check, there is no explicit removal of a blocked user. Issuing a new ticket with a time stamp more recent than the block time stamp implicitly permits the user. To permanently prevent a user from logging in again, revoke the user's credentials in the PAM registry.

What Blocking Affects

A blocked user cannot access the MapR filesystem or the CLDB. Blocking only revokes a user's existing valid tickets, be aware of the following interactions:

Blocking has no effect on Oozie's cached credentials in ~/.oozie-auth-token; and has no effect on Oozie in general, even after a restart.
Blocking does not affect a new authentication with user ID and password or with existing Kerberos credentials.
Since NFS does not use MapR tickets, blocking does not affect NFS access.
Blocked users can still be impersonated as impersonation does not check whether a user is blocked or not.
Blocking has no effect on ZooKeeper. Blocked users can still connect to the ZooKeeper server and execute commands. The workaround to resolve this issue is to delete the ticket file.