In a Kerberized cluster I am using 2 local KDC master/slave on Namenode1 and Namenode2. I configured one-way trust to Active Directory. Everything works fine on these Namenodes. Is it possible to configure connection from Datanode to Active Directory via local KDC on Namenode? My Datanode has no connection to AD thus I cant work on Datanodes as user from Active Directory.
The thing is that I would like to generate ticket for AD user on the Namenode and work with the same ticket on other hosts, which do not have access to AD (IP address is blocked).