Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

I've enabled Kerberos in my Sandbox. Once i get a valid token i can connect to any service with in cluster. I think this is because of SPNEGO. Is there any way to disable SPNEGO to all users and let service/batch accounts use it?

Labels:
avatar
author-rank chrsvarma
Super Collaborator

Created on ‎07-18-2016 07:58 PM - edited ‎09-16-2022 03:30 AM

 
1,235 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎07-19-2016 08:24 PM

@Raja Sekhar Chintalapati

It's not because of SPNEGO, its because, once you get authenticated to KDC, you get initial ticket called TGT, using TGT further authentication happens to get Service level ticket.

If you want to decide which user can access what then probably you are looking for authorization and Rager is the solution for you.

Note - SPNEGO provides a mechanism for extending Kerberos to Web applications through the standard HTTP protocol.

Please do let me know if you need any further help.

View solution in original post

1,153 Views
3 REPLIES 3

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎07-19-2016 08:24 PM

@Raja Sekhar Chintalapati

It's not because of SPNEGO, its because, once you get authenticated to KDC, you get initial ticket called TGT, using TGT further authentication happens to get Service level ticket.

If you want to decide which user can access what then probably you are looking for authorization and Rager is the solution for you.

Note - SPNEGO provides a mechanism for extending Kerberos to Web applications through the standard HTTP protocol.

Please do let me know if you need any further help.

1,154 Views

avatar
author-rank chrsvarma
Super Collaborator

Created ‎07-20-2016 04:52 PM

thank you, this gives me a good idea. let me play with ranger and see what i can accomplish

1,153 Views
0 Kudos

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎07-20-2016 06:09 PM

@Kuldeep Kulkarni great stuff. I find myself getting this confused as well.

1,153 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements