Hadoop, mail # general - Re: kerberos principals per node necessary? - 2014-02-03, 23:05
Solr & Elasticsearch trainings in New York & San Francisco [more info][hide]
 Search Hadoop and all its subprojects:

Switch to Threaded View
Copy link to this message
-
Re: kerberos principals per node necessary?
Its a bad idea, Koert.
When multiple nodes are using the same principal (in this case all the
datanodes ) ,  it will result in server assuming that its a replay attack
and result in denial of service.

More details here :
http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH4/4.2.1/CDH4-Security-Guide/cdh4sg_topic_17.html#concept_hfv_zqw_wj_unique_1

and here
http://web.mit.edu/kerberos/krb5-devel/doc/basic/rcache_def.html

benoy
On Sun, Feb 2, 2014 at 3:14 PM, Koert Kuipers <[EMAIL PROTECTED]> wrote:
 
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB