Support Questions
Find answers, ask questions, and share your expertise

Configure CDH 7.x Kerberos in multiple Active Directory domains without trust in AD forest.

Configure CDH 7.x Kerberos in multiple Active Directory domains without trust in AD forest.

Expert Contributor

Hello Experts,

 

Any thoughts or documents on how to configure CDH 7.x Kerberos for central authentication with Active Directory where users are in multiple AD domains/realms and no trust setup between domains in an AD forest? I believe SSSD can be configured to authenticate the linux users to multiple AD realms but the question is how CDH cluster services like HDFS can be made to trust kerberos tickets from multiple AD domains.

 

Thanks!

1 REPLY 1

Re: Configure CDH 7.x Kerberos in multiple Active Directory domains without trust in AD forest.

Master Collaborator

@ebeb What you are describing would be a scenario for cross realm trust. In such a scenario you might have all of the cluster principals in realm A and all of the users in Realm B. With Trust established between A and B.

 

Here is the doc for reference: https://docs.cloudera.com/documentation/enterprise/latest/topics/cm_sg_kdc_def_domain_s2.html


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.