Any thoughts or documents on how to configure CDH 7.x Kerberos for central authentication with Active Directory where users are in multiple AD domains/realms and no trust setup between domains in an AD forest? I believe SSSD can be configured to authenticate the Linux users to multiple AD realms but the question is how CDH cluster services like HDFS can be made to trust Kerberos tickets from multiple AD domains.
@ebeb What you are describing would be a scenario for cross-realm trust. In such a scenario you might have all of the cluster principals in realm A and all of the users in realm B, with trust established between A and B.
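
An added illustration of the cross-realm layout described in the reply above, not part of the original thread: a `krb5.conf` fragment for cluster hosts whose service principals live in realm A while users authenticate in realm B. The realm names and KDC hostnames are constructed placeholders, and the fragment assumes the trust between the two realms already exists on the KDC side.

```ini
# /etc/krb5.conf on every cluster host (constructed example values)
[libdefaults]
  # Realm that holds the cluster service principals (hdfs/, HTTP/, ...)
  default_realm = A.EXAMPLE.COM
  dns_lookup_realm = false

[realms]
  # Realm A: cluster principals
  A.EXAMPLE.COM = {
    kdc = kdc1.a.example.com
    admin_server = kdc1.a.example.com
  }
  # Realm B: user principals. Hosts need to locate this KDC so that
  # users can obtain their initial tickets from it.
  B.EXAMPLE.COM = {
    kdc = kdc1.b.example.com
    admin_server = kdc1.b.example.com
  }

[domain_realm]
  # Map host names to the realm that owns their service principals
  .a.example.com = A.EXAMPLE.COM
  a.example.com = A.EXAMPLE.COM
  .b.example.com = B.EXAMPLE.COM
  b.example.com = B.EXAMPLE.COM

[capaths]
  # Clients in B reach services in A directly, with no intermediate realm.
  # This only describes the path; the trust itself is created in the
  # KDCs / Active Directory, not in this file.
  B.EXAMPLE.COM = {
    A.EXAMPLE.COM = .
  }
```

Hadoop services additionally have to map principals from the user realm to local short names through `hadoop.security.auth_to_local`, for example with a rule such as `RULE:[1:$1@$0](.*@B\.EXAMPLE\.COM)s/@.*//` placed before `DEFAULT`. Limit such rules to the realms you actually trust, since any realm matched there is accepted as a source of cluster user identities.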