Created on
06-05-2020
02:42 AM
- last edited on
06-05-2020
05:13 AM
by
VidyaSargur
Hello,
In our Cluster we have MIT Kerberos authentication enabled, we would like to move to AD Authentication, would appreciate if someone could share best practices / documents / how to etc, on how to move forward on this and what changes would be required in order to achieve this mission.
Regards
Amn
Created 06-05-2020 06:35 AM
On a high level below are the steps:
Use Cloudera Manager to manage and distribute the krb5.conf that the CDH needs for requesting Kerberos tickets.
Here are the recommended steps:
Also, review below docs:
Enabling Kerberos Authentication for CDH
I hope this helps.
Thanks,
Tarun
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created 06-17-2020 10:42 PM
Hi @tjangid
Thanks for your reply, in my previous post I incorrectly mentioned that we want to move from MIT Kerberos to AD, whereas, we currently have MIT Kerberos (local) working in our cluster and we need that to be integrated with AD.
So basically I am looking to find / get some detailed steps / guides on how to get this done. I have come across some blogs regarding one-way cross-realm trust etc, and a bit confused on these.
Appreciate any help in this regard
Thanks
Created 07-16-2020 05:44 PM
If you need to switch to AD based kerberos from MIT, then the following things need to happen: