Support Questions

ebeb · ‎12-22-2020

Hello Experts,

Any thoughts or documents on how to configure CDH 7.x Kerberos for central authentication with Active Directory where users are in multiple AD domains/realms and no trust setup between domains in an AD forest? I believe SSSD can be configured to authenticate the linux users to multiple AD realms but the question is how CDH cluster services like HDFS can be made to trust kerberos tickets from multiple AD domains.

Thanks!

GangWar · ‎01-12-2021

@ebeb What you are describing would be a scenario for cross realm trust. In such a scenario you might have all of the cluster principals in realm A and all of the users in Realm B. With Trust established between A and B.

Here is the doc for reference: https://docs.cloudera.com/documentation/enterprise/latest/topics/cm_sg_kdc_def_domain_s2.html

Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Cloudera Community

Support Questions

Configure CDH 7.x Kerberos in multiple Active Directory domains without trust in AD forest.