Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # user >> kerberos principals per node necessary?


Copy link to this message
-
Re: kerberos principals per node necessary?
Its a bad idea, Koert.
When multiple nodes are using the same principal (in this case all the
datanodes ) ,  it will result in server assuming that its a replay attack
and result in denial of service.

More details here :
http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH4/4.2.1/CDH4-Security-Guide/cdh4sg_topic_17.html#concept_hfv_zqw_wj_unique_1

and here
http://web.mit.edu/kerberos/krb5-devel/doc/basic/rcache_def.html

benoy
On Sun, Feb 2, 2014 at 3:14 PM, Koert Kuipers <[EMAIL PROTECTED]> wrote:
 
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB