Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to restrict users from same realm to access hadoop services that use spnego auth.

Highlighted

How to restrict users from same realm to access hadoop services that use spnego auth.

New Contributor

When we enable security and spnego in hadoop services (HDFS Web UI, YARN Web UI, etc), all users/principal in same realm can access that service.

How to restrict only users from specific OU or groups is allowed to access hadoop services. Example: only users in OU=HADOOP, DC=REALM,DC=COM can access, while users in OU=SALES,DC=REALM,DC=COM cannot access.

PS: assume Active Directory is used.

Thank you.

Don't have an account?
Coming from Hortonworks? Activate your account here