Return-Path: 
 <common-dev-return-80958-apmail-hadoop-common-dev-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-common-dev-archive@www.apache.org
Delivered-To: apmail-hadoop-common-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1D36BEFF5
	for <apmail-hadoop-common-dev-archive@www.apache.org>;
 Mon, 11 Feb 2013 17:57:18 +0000 (UTC)
Received: (qmail 35732 invoked by uid 500); 11 Feb 2013 17:57:16 -0000
Delivered-To: apmail-hadoop-common-dev-archive@hadoop.apache.org
Received: (qmail 35413 invoked by uid 500); 11 Feb 2013 17:57:15 -0000
Mailing-List: contact common-dev-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-dev-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-dev-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-dev@hadoop.apache.org>
List-Id: <common-dev.hadoop.apache.org>
Reply-To: common-dev@hadoop.apache.org
Delivered-To: mailing list common-dev@hadoop.apache.org
Received: (qmail 34995 invoked by uid 99); 11 Feb 2013 17:57:14 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Feb 2013 17:57:14 +0000
Date: Mon, 11 Feb 2013 17:57:14 +0000 (UTC)
From: "Benoy Antony (JIRA)" <jira@apache.org>
To: common-dev@hadoop.apache.org
Message-ID: <JIRA.12631763.1360605420987.273898.1360605434837@arcas>
In-Reply-To: <JIRA.12631763.1360605420987@arcas>
References: <JIRA.12631763.1360605420987@arcas>
Subject: [jira] [Created] (HADOOP-9296) Authenticating users from different
 realm without a trust relationship
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Benoy Antony created HADOOP-9296:
------------------------------------

             Summary: Authenticating users from different realm without a trust relationship
                 Key: HADOOP-9296
                 URL: https://issues.apache.org/jira/browse/HADOOP-9296
             Project: Hadoop Common
          Issue Type: Improvement
          Components: security
            Reporter: Benoy Antony
            Assignee: Benoy Antony


Hadoop Masters (JobTracker and NameNode) and slaves (Data Node and TaskTracker) are part of the Hadoop domain, controlled by Hadoop Active Directory. 
The users belong to the CORP domain, controlled by the CORP Active Directory. 
In the absence of a one way trust from HADOOP DOMAIN to CORP DOMAIN, how will Hadoop Servers (JobTracker, NameNode) authenticate  CORP users ?

The solution and implementation details are in the attachement


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira