I've enabled Kerberos in my Sandbox. Once I get a valid token I can connect to any service within the cluster. I think this is because of SPNEGO. Is there any way to disable SPNEGO for all users and let service/batch accounts use it?

Super Collaborator
 
1 ACCEPTED SOLUTION

Master Guru
@Raja Sekhar Chintalapati

It's not because of SPNEGO; it's because once you are authenticated to the KDC, you get an initial ticket called a TGT, and using the TGT, further authentication happens to get a service-level ticket.

If you want to decide which user can access what, then you are probably looking for authorization, and Ranger is the solution for you.

Note - SPNEGO provides a mechanism for extending Kerberos to Web applications through the standard HTTP protocol.

Please do let me know if you need any further help.

3 REPLIES

Super Collaborator

Thank you, this gives me a good idea. Let me play with Ranger and see what I can accomplish.

Master Guru

@Kuldeep Kulkarni great stuff. I find myself getting this confused as well.