directory-kerby mailing list archives

From "Li, Jiajia" <>
Subject Kerby Update
Date Mon, 23 Oct 2017 01:22:08 GMT
Hi all,

Recently we implemented cross-realm authentication support: a KDC in one realm can
authenticate users in a different realm, which allows clients from another realm to access
the cluster. Cross-realm authentication is accomplished by sharing a secret key between the
two realms. Both backends should have the krbtgt service principals for the realms, with the
same passwords, key version numbers, and encryption types. We have used this feature in a
Hadoop cluster: after establishing cross-realm trust between two secure Hadoop clusters with
their own realms, copying data between the two secure clusters now works. This support can
also be used to build a trust relationship with an MIT Kerberos KDC, and we have tested
compatibility.

Here is the document about setting up cross realm:


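An added example, not part of the original message or of Kerby's code: a check that the krbtgt principals shared by two realms carry the same key version numbers and encryption types in both KDC databases, as the message requires. It assumes principal listings in the style of MIT `kadmin getprinc` output (Kerby tooling may print differently); the realm names and dumps are constructed, and matching kvno and enctypes does not prove the passwords match.

```python
import re

KEY_RE = re.compile(r"^Key: vno (\d+), ([\w-]+)", re.M)

def parse_getprinc(text):
    """Return {principal: set of (kvno, enctype)} from getprinc-style text."""
    entries = {}
    for block in re.split(r"^(?=Principal: )", text, flags=re.M):
        m = re.match(r"Principal: (\S+)", block)
        if m:
            entries[m.group(1)] = {(int(v), e) for v, e in KEY_RE.findall(block)}
    return entries

def check_trust(realm_a, dump_a, realm_b, dump_b, two_way=True):
    """List problems with the krbtgt principals shared by two realms."""
    a, b = parse_getprinc(dump_a), parse_getprinc(dump_b)
    needed = [f"krbtgt/{realm_b}@{realm_a}"]  # clients of A reach services in B
    if two_way:
        needed.append(f"krbtgt/{realm_a}@{realm_b}")
    problems = []
    for princ in needed:
        for realm, db in ((realm_a, a), (realm_b, b)):
            if princ not in db:
                problems.append(f"{princ}: missing in {realm} KDC")
        if princ in a and princ in b and a[princ] != b[princ]:
            only_a = sorted(a[princ] - b[princ])
            only_b = sorted(b[princ] - a[princ])
            problems.append(f"{princ}: kvno/enctype mismatch, "
                            f"{realm_a} only {only_a}, {realm_b} only {only_b}")
    return problems

# Constructed sample dumps; realm names are placeholders.
DUMP_A = """\
Principal: krbtgt/B.EXAMPLE@A.EXAMPLE
Number of keys: 2
Key: vno 1, aes256-cts-hmac-sha1-96
Key: vno 1, aes128-cts-hmac-sha1-96
Principal: krbtgt/A.EXAMPLE@B.EXAMPLE
Number of keys: 1
Key: vno 1, aes256-cts-hmac-sha1-96
"""
DUMP_B = """\
Principal: krbtgt/B.EXAMPLE@A.EXAMPLE
Number of keys: 2
Key: vno 2, aes256-cts-hmac-sha1-96
Key: vno 2, aes128-cts-hmac-sha1-96
"""

if __name__ == "__main__":
    for line in check_trust("A.EXAMPLE", DUMP_A, "B.EXAMPLE", DUMP_B):
        print(line)
```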