
What are the best practices for Kerberos on a multitenant Hadoop cluster?


In order to deploy a secured multi-tenant Cloudera cluster, we planned to use Kerberos as the main authentication mechanism. We have planned to deploy many projects/applications on this cluster.

In a multi-tenant context, we are exploring different options to organize users by groups/projects in Kerberos.

We have identified two possibilities:

  • Option 1: 1 project = 1 realm containing all users participating in a project.
  • Option 2: 1 realm for all projects on the same platform (1 platform = 1 realm) + a rule to distinguish the users associated with a project through their principals.

    Syntax: username/project@REALM.com

    Example: bob/data_lake@mycompany.com

Do you have any feedback about the best practices for using Kerberos in a multi-tenant context?

PS: If you have other options, don't be afraid to share them.
