Support Questions
Find answers, ask questions, and share your expertise

How to generate Kerberos ticket once, and forward it to other hosts?

Highlighted

How to generate Kerberos ticket once, and forward it to other hosts?

Expert Contributor

Hi,

In a Kerberized cluster I am using 2 local KDC master/slave on Namenode1 and Namenode2. I configured one-way trust to Active Directory. Everything works fine on these Namenodes. Is it possible to configure connection from Datanode to Active Directory via local KDC on Namenode? My Datanode has no connection to AD thus I cant work on Datanodes as user from Active Directory.

The thing is that I would like to generate ticket for AD user on the Namenode and work with the same ticket on other hosts, which do not have access to AD (IP address is blocked).

Thank you in advance

2 REPLIES 2
Highlighted

Re: How to generate Kerberos ticket once, and forward it to other hosts?

Maybe I am not understanding the scenario completely but I don't think this is possible.

Re: How to generate Kerberos ticket once, and forward it to other hosts?

Expert Contributor

@dvillarreal

Nevermind, I found that HDFS_DELEGATION_TOKEN does the job. Thanks for the answer anyway.