Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # user >> Hadoop security


Copy link to this message
-
Re: Hadoop security
On Mon, Jun 25, 2012 at 8:02 AM, Fabio Pitzolu <[EMAIL PROTECTED]>wrote:

> Hi community!
> I have a question concerning the Hadoop security, in particular I need some
> advice to configure the Kerberos authentication:
>
> 1 - I have an Active Directory domain, do I have to connect the Linux
> Hadoop nodes to the AD domain?
> 2 - Is it possible to use a KDC to authenticate and another KDC for user /
> groups authorization?
>

It is common to create a domain for the linux machines in the cluster with
the principals for the servers (nn/_HOST, jt/_HOST, dn/_HOST, tt/_HOST,
etc. where the _HOST is replaced by the full host name.) If you have an
Active Directory for the users, you need to set up a trust relationship
between the linux KDC and the ActiveDirectory. The other critical piece is
setting up the auth_to_local mapping so that the kerberos principals are
correctly mapped to unix login ids.

This is a common configuration, so you aren't even on the bleeding edge.
*grin*

-- Owen