hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wzc <wzc1...@gmail.com>
Subject client authentication when kerberos enabled
Date Tue, 24 Dec 2013 16:53:44 GMT
Hi all,

To access a Kerberos-protected cluster,  our hadoop clients need to get a
kerberos ticket (kinit user@realm) before submitting jobs. We want our
clients to  get rid of kerberos password, so we would like to use keytabs
for authentication. Here we export pincipals with the form
'username/host@realm'  and deploy them to our clients' hosts.

In addition, we want to make sure the host in the keytab matches the host
which one client submit job from.  Currently there is no host check on
client principal auth.

I have found some jira which maybe helpful:
https://issues.apache.org/jira/browse/HDFS-1003
https://issues.apache.org/jira/browse/HADOOP-7215

I have no idea how to achieve it,  I also wonder whether such check is
reasonable.
can anyone give me some hint?

Mime
View raw message