For reference, here is an example of how to enable an MIT Kerberos v5 <=> Active Directory trust from scratch. It should work out of the box; just replace these values with your own:

HADOOP1.INTERNAL = local server (KDC)
ALO.LOCAL = local Kerberos realm
AD.REMOTE = AD realm

The KDC should be inside your Hadoop network; the remote AD can be somewhere else.

1. Install the bits

On the KDC server (CentOS, RHEL; other OSes should have nearly the same bits):

    yum install krb5-server krb5-libs krb5-workstation -y

On the clients (Hadoop nodes):

    yum install krb5-libs krb5-workstation -y

Install Java's JCE policy (see Oracle documentation) on all Hadoop nodes.

2. Configure your local KDC

/etc/krb5.conf

    [libdefaults]
    default_realm = ALO.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = false
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    fcc-mit-ticketflags = true
    max_life = 1d
    max_renewable_life = 7d
    renew_lifetime = 7d
    default_tgs_...

Hey, I'm Alex. I founded X-Warp, Infinimesh, Infinite Devices, Scalytics and worked with Cloudera, E.On, Google, Evariant, and had the incredible luck to build products with outstanding people in my life, across the globe.