We have Clusters with MIT Kerberos which need some configurations on the client's side in order to work properly, recently the question has been raised if with Active Directory such configurations can be skipped. The end user wants the easier way to get end users working so the questions are:
¿which one is easier to use for end users? We understand that this would be AD
¿with Active Directory only thing you need are your credentials and everything else goes transparently?
¿what are the main differences between the two solutions?
There is very little documentation from cloudera on Active Directory and that its the main reason for this post.
Any tips are welcome.
Thanks in advance
On linux/unix, the configuration is the same.
What operating systems are your users on and how are they accessing hadoop? (Web Browser, command line, third party tool?)
Are your users logging into a domain (if they are on Windows?). If so, is that domain's realm the same one as your hadoop realm?
In order for us to answer your questions more precisely, we'll need to understand your intended use case.
Basically, though, there is no difference for how a client is configured and what requirements there are. Kerberos is a protocol, so, regardless of the type of server, clients' access to the KDC should be relatively the same.
Thanks for your quick response, we are gathering all the information. We are also trying to explain that the client must be configured regardless of the server used (AD or MIT Kerberos) as we found out.
At the moment they just want to know the implications of using either solution, they want to use the more trasparent one for the end user.
Thanks, best regards.
No problem. The only answer we can give without understanding the details of the proposed use cases is to say "it depends".
It depends on how the hadoop cluster realm and user realms are configured and it depends on what client OS they are using to access hadoop resources.