09-18-2017 07:46 AM
Does Cloudera require MIT Kerberos client to be on a WIN client accessing a CDH cluster? Will access work with AD on WIN client (to access CDH cluster on RHEL)?
As of now, I have the CDH cluster on RHEL but using AD and a business Intelligence app running on a WIN server (client) also with AD, both in the same REALM.
I was looking for WIN OS steps to initiate kinit on behalf of the remote session by a user since user could not do a kinit on the server for each session, I do not want to use keytab.
On a Linux client, I was able to enable PAM to kinit the remote logger and some additional steps configured for the BI app, I was able to obtain the ticket.
I found the following steps to do the same for WIN:
- AllowTgtSessionKey registry set to 1
- “Thrust this computer for delegation to any service (Kerberos only)” in Active Directory for the server machine
- Kerberos tickets set to "Forwardable" and Delegation enabled
I am unsure if there are any extra steps to be done...and also to confirm if CDH "requires" MIT Kerberos or AD Kerberos will work?
Thank you in advance for your time and thoughts.