mapr.login.conf

The MapR Converged Data Platform uses the Java Authentication and Authorization Service (JAAS) to control security features. The /opt/mapr/conf/mapr.login.conf file specifies configuration parameters for JAAS. Contact MapR support before changing any parameters in this file other than the ones listed in this document.

The MAPR_SERVER_KERBEROS Stanza

The CLDB uses this stanza to verify users that are authenticating with Kerberos. This stanza requires the com.sun.security.auth.module.Krb5LoginModule module.

Attribute	Default Value	Description
keyTab	"/opt/mapr/conf/mapr.keytab"	File path to the keytab file.
principal	"mapr/my.cluster.com"	The Kerberos principal to use.

The MAPR_WEBSERVER_KERBEROS Stanza

Web UIs on the cluster use this stanza to evaluate SPNEGO requests. This stanza requires the com.sun.security.auth.module.Krb5LoginModule module.

Attribute	Default Value	Description
keyTab	"/opt/mapr/conf/mapr.keytab"	File path to the keytab file.
principal	"HTTP/yourhost"	The principal must be HTTP. This principal is used to negotiate authentication for Web services over SPNEGO. You can set the value for yourhost manually, but be aware that you must set the principal in the `mapr.keytab` file to match this value.

The jpamLogin Stanza

The MapR cluster uses this stanza to verify user ID and password authentication to all the servers on the cluster. You can modify this stanza to alter the PAM configuration used by the cluster. The net.sf.jpam.jaas.JpamLoginModule module is sufficient for this stanza. There are three provided default services. The order of the serviceName in the stanza (at cluster startup) determines which PAM configuration file to use. If a failure occurs with a configuration, MapR ignores the error and proceeds with the next entry.

Attribute Provided Default Values Description

Attribute	Provided Default Values	Description
serviceName	`sudo` `sshd` `mapr-admin`	The PAM configurations to use for validating passwords, shown in their order of use. The configuration files are typically in `/etc/pam.d`.

serviceName

The PAM configurations to use for validating passwords, shown in their order of use.

The configuration files are typically in /etc/pam.d.

Other Stanzas

The Server, Client, Server_simple, Client_simple, and hadoop_maprsasl stanzas control important aspects of your cluster's stability. Consult with MapR support before modifying these stanzas.