Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enable Kerberos client for Spengo Authentication

Highlighted

Enable Kerberos client for Spengo Authentication

Explorer

Hi,

How we can setup spengo authentication for client when Client and HDP cluster are in different domains.

My hdp cluster is running with ENV.COM.I have installed KDC server.

My Mac is on corporate domain on global.company.com.When i do a klist on mac,it gives me ticket from my corporate domain controller.i cannot use keytab of cluster.

Can someoen help?

2 REPLIES 2
Highlighted

Re: Enable Kerberos client for Spengo Authentication

Super Mentor

@Mudit Kumar

While doing "kinit" you can pass your own "krb5.conf" file which has the info about the KDC/AD server of your own choice.

Example:

env KRB5_CONFIG=/PATH/TO/YOUR/CUSTOM/krb5.conf kinit $ARG1 $ARG2

.

http://web.mit.edu/kerberos/krb5-current/doc/krb_admins/env_variables.html

Highlighted

Re: Enable Kerberos client for Spengo Authentication

@Mudit Kumar You could use your corporate domain and kerberos ticket as long as you have configured one way trust between ENV.COM KDC and your corporate KDC. Here are the steps to perform this configuration:

https://community.hortonworks.com/articles/59635/one-way-trust-mit-kdc-to-active-directory.html

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

Don't have an account?
Coming from Hortonworks? Activate your account here