hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benyi Wang <bewang.t...@gmail.com>
Subject Hadoop Active Directory Integration
Date Tue, 07 Feb 2012 07:07:29 GMT
Hi,

I have questions about Hadoop Active Directory Integration:

   1. When using Active Directory, do we still need to create a Linux
   account for each user on each Linux node?
   2. What about if I enable queue acls and use fairscheduler? Will task
   trackers send all ACLs check to Active directory? Can I list the user
   accounts or AD security groups in mapred-queue-acls.xml? Do I need to
   create those groups in Linux node?
   3. Does someone configure Hadoop AD integration in multiple networks?
   for example, my company have three networks:  corp,  lab, and prod. A user
   in "corp" network can log on a window server in lab or prod. If we want to
   use local MIT KDC and set up "one-way cross-realm trust from this realm
   to the Active Directory realm" in
   https://ccp.cloudera.com/display/CDHDOC/Integrating+Hadoop+Security+with+Active+Directory.
   How to set up Kerberos in such a environment?
   4. Is this right? If AD is setup, a window user can remotely submit a
   mapred job?
   5. What about the authorization? Can hadoop configure so that only users
   in the specified security groups in AD can submit jobs.

Thanks.

Ben

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message