hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benyi Wang <bewang.t...@gmail.com>
Subject Fwd: Hadoop Active Directory Integration
Date Wed, 08 Feb 2012 18:43:38 GMT
Can anyone answer my questions?

Thanks a lot.

---------- Forwarded message ----------
From: Benyi Wang <bewang.tech@gmail.com>
Date: Mon, Feb 6, 2012 at 11:07 PM
Subject: Hadoop Active Directory Integration
To: common-user@hadoop.apache.org


Hi,

I have questions about Hadoop Active Directory Integration:

   1. When using Active Directory, do we still need to create a Linux
   account for each user on each Linux node?
   2. What about if I enable queue acls and use fairscheduler? Will task
   trackers send all ACLs check to Active directory? Can I list the user
   accounts or AD security groups in mapred-queue-acls.xml? Do I need to
   create those groups in Linux node?
   3. Does someone configure Hadoop AD integration in multiple networks?
   for example, my company have three networks:  corp,  lab, and prod. A user
   in "corp" network can log on a window server in lab or prod. If we want to
   use local MIT KDC and set up "one-way cross-realm trust from this realm
   to the Active Directory realm" in
   https://ccp.cloudera.com/display/CDHDOC/Integrating+Hadoop+Security+with+Active+Directory.
   How to set up Kerberos in such a environment?
   4. Is this right? If AD is setup, a window user can remotely submit a
   mapred job?
   5. What about the authorization? Can hadoop configure so that only users
   in the specified security groups in AD can submit jobs.

Thanks.

Ben

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message