Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

I've enabled Kerberos in my Sandbox. Once i get a valid token i can connect to any service with in cluster. I think this is because of SPNEGO. Is there any way to disable SPNEGO to all users and let service/batch accounts use it?

Labels:
avatar
author-rank chrsvarma
Super Collaborator

Created on ‎07-18-2016 07:58 PM - edited ‎09-16-2022 03:30 AM

 
867 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎07-19-2016 08:24 PM

@Raja Sekhar Chintalapati

It's not because of SPNEGO, its because, once you get authenticated to KDC, you get initial ticket called TGT, using TGT further authentication happens to get Service level ticket.

If you want to decide which user can access what then probably you are looking for authorization and Rager is the solution for you.

Note - SPNEGO provides a mechanism for extending Kerberos to Web applications through the standard HTTP protocol.

Please do let me know if you need any further help.

View solution in original post

785 Views
3 REPLIES 3

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎07-19-2016 08:24 PM

@Raja Sekhar Chintalapati

It's not because of SPNEGO, its because, once you get authenticated to KDC, you get initial ticket called TGT, using TGT further authentication happens to get Service level ticket.

If you want to decide which user can access what then probably you are looking for authorization and Rager is the solution for you.

Note - SPNEGO provides a mechanism for extending Kerberos to Web applications through the standard HTTP protocol.

Please do let me know if you need any further help.

786 Views

avatar
author-rank chrsvarma
Super Collaborator

Created ‎07-20-2016 04:52 PM

thank you, this gives me a good idea. let me play with ranger and see what i can accomplish

785 Views
0 Kudos

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎07-20-2016 06:09 PM

@Kuldeep Kulkarni great stuff. I find myself getting this confused as well.

785 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements