hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wzc <wzc1...@gmail.com>
Subject Re: client authentication when kerberos enabled
Date Tue, 14 Jan 2014 14:42:45 GMT
Any help would be appreciated!


2013/12/25 wzc <wzc1989@gmail.com>

> Hi all,
>
> To access a Kerberos-protected cluster,  our hadoop clients need to get a
> kerberos ticket (kinit user@realm) before submitting jobs. We want our
> clients to  get rid of kerberos password, so we would like to use keytabs
> for authentication. Here we export pincipals with the form
> 'username/host@realm'  and deploy them to our clients' hosts.
>
> In addition, we want to make sure the host in the keytab matches the host
> which one client submit job from.  Currently there is no host check on
> client principal auth.
>
> I have found some jira which maybe helpful:
> https://issues.apache.org/jira/browse/HDFS-1003
> https://issues.apache.org/jira/browse/HADOOP-7215
>
> I have no idea how to achieve it,  I also wonder whether such check is
> reasonable.
> can anyone give me some hint?
>
>
>

Mime
View raw message