[37474] in Kerberos
Kerberos trust
daemon@ATHENA.MIT.EDU (Mauro Cazzari)
Wed Apr 13 10:50:52 2016
MIME-Version: 1.0
Date: Wed, 13 Apr 2016 10:48:04 -0400
Message-ID: <CAFUXA2AjXoLV0ux+EgMzRMAzJhL1VCFHzyNZNHbbdRC8OEwwsA@mail.gmail.com>
From: Mauro Cazzari <mymagicid@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I'm relatively new to Kerberos, so please forgive me if my question might
sound dumb.
I'm trying to access a secured Hadoop environment from a Windows machine.
The Hadoop cluster uses its own realm. I installed MIT Kerberos on the
Windows box and configured it so that I can successfully obtain tickets,
but I'd like to see if there is a way to instead use the tickets that are
generated through AD when I log on to Windows. My understanding is that a
one-way trust between the AD and the cluster's KDC could solve the issue.
What's not clear is whether I need to define anything at all at the AD
level. I'm thinking that since I'm trying to gain access to the realm
associated with the Hadoop cluster, all I need to do is to add a principal
to it for the AD realm, the one I want to trust. After that, I would change
the krb5.conf file to make sure the AD realm is seen.
Am I completely off the mark? If anyone has gone through this scenario,
would you mind sharing what needs to be done step-by-step?
Thank you very much in advance!
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
