Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to generate Kerberos ticket once, and forward it to other hosts?

Highlighted

How to generate Kerberos ticket once, and forward it to other hosts?

Expert Contributor

Hi,

In a Kerberized cluster I am using 2 local KDC master/slave on Namenode1 and Namenode2. I configured one-way trust to Active Directory. Everything works fine on these Namenodes. Is it possible to configure connection from Datanode to Active Directory via local KDC on Namenode? My Datanode has no connection to AD thus I cant work on Datanodes as user from Active Directory.

The thing is that I would like to generate ticket for AD user on the Namenode and work with the same ticket on other hosts, which do not have access to AD (IP address is blocked).

Thank you in advance

2 REPLIES 2
Highlighted

Re: How to generate Kerberos ticket once, and forward it to other hosts?

Maybe I am not understanding the scenario completely but I don't think this is possible.

Highlighted

Re: How to generate Kerberos ticket once, and forward it to other hosts?

Expert Contributor

@dvillarreal

Nevermind, I found that HDFS_DELEGATION_TOKEN does the job. Thanks for the answer anyway.

Don't have an account?
Coming from Hortonworks? Activate your account here