In our Cluster we have MIT Kerberos authentication enabled, we would like to move to AD Authentication, would appreciate if someone could share best practices / documents / how to etc, on how to move forward on this and what changes would be required in order to achieve this mission.
On a high level below are the steps:
Use Cloudera Manager to manage and distribute the krb5.conf that the CDH needs for requesting Kerberos tickets.
Here are the recommended steps:
Also, review below docs:
Enabling Kerberos Authentication for CDH
I hope this helps.
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Thanks for your reply, in my previous post I incorrectly mentioned that we want to move from MIT Kerberos to AD, whereas, we currently have MIT Kerberos (local) working in our cluster and we need that to be integrated with AD.
So basically I am looking to find / get some detailed steps / guides on how to get this done. I have come across some blogs regarding one-way cross-realm trust etc, and a bit confused on these.
Appreciate any help in this regard
If you need to switch to AD based kerberos from MIT, then the following things need to happen: