Support Questions
Find answers, ask questions, and share your expertise

How to restrict users from same realm to access hadoop services that use spnego auth.


When we enable security and spnego in hadoop services (HDFS Web UI, YARN Web UI, etc), all users/principal in same realm can access that service.

How to restrict only users from specific OU or groups is allowed to access hadoop services. Example: only users in OU=HADOOP, DC=REALM,DC=COM can access, while users in OU=SALES,DC=REALM,DC=COM cannot access.

PS: assume Active Directory is used.

Thank you.