Support Questions
Find answers, ask questions, and share your expertise

Enable Kerberos client for Spengo Authentication

Explorer

Hi,

How we can setup spengo authentication for client when Client and HDP cluster are in different domains.

My hdp cluster is running with ENV.COM.I have installed KDC server.

My Mac is on corporate domain on global.company.com.When i do a klist on mac,it gives me ticket from my corporate domain controller.i cannot use keytab of cluster.

Can someoen help?

2 REPLIES 2

Super Mentor

@Mudit Kumar

While doing "kinit" you can pass your own "krb5.conf" file which has the info about the KDC/AD server of your own choice.

Example:

env KRB5_CONFIG=/PATH/TO/YOUR/CUSTOM/krb5.conf kinit $ARG1 $ARG2

.

http://web.mit.edu/kerberos/krb5-current/doc/krb_admins/env_variables.html

@Mudit Kumar You could use your corporate domain and kerberos ticket as long as you have configured one way trust between ENV.COM KDC and your corporate KDC. Here are the steps to perform this configuration:

https://community.hortonworks.com/articles/59635/one-way-trust-mit-kdc-to-active-directory.html

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

; ;