Kerberos trust

Mauro Cazzari mymagicid at gmail.com
Wed Apr 13 10:48:04 EDT 2016


I'm relatively new to Kerberos, so please forgive me if my question might
sound dumb.

I'm trying to access a secured Hadoop environment from a Windows machine.
The Hadoop cluster uses its own realm. I installed MIT Kerberos on the
Windows box and configured it so that I can successfully obtain tickets,
but I'd like to see if there is a way to instead use the tickets that are
generated through AD when I log on to Windows. My understanding is that a
one-way trust between the AD and the cluster's KDC could solve the issue.
What's not clear is whether I need to define anything at all at the AD
level. I'm thinking that since I'm trying to gain access to the realm
associated with the Hadoop cluster, all I need to do is to add a principal
to it for the AD realm, the one I want to trust. After that, I would change
the krb5.conf file to make sure the AD realm is seen.
Am I completely off the mark? If anyone has gone through this scenario,
would you mind sharing what needs to be done step-by-step?

Thank you very much in advance!

