Support Questions
Find answers, ask questions, and share your expertise

What is the best practices about Kerberos on a multitenant hadoop cluster?

What is the best practices about Kerberos on a multitenant hadoop cluster?

New Contributor

In order to deploy a secured multi tenant Cloudera cluster. we planned to use Kerberos as the main authenticate mechanism. We have planned to deploy many projects/applications on this cluster.

In multi-tenant context, we exploring different options to organize users by groups/projects in Kerberos.

We have identified to possibilities :

  • Option 1 : 1 project = 1 realm containing all user participating to a project.
  • Option 2 : 1 realm for all projects on the same platform (1 platform = 1 realm) + a rule to distinguish the user associated to a project through their principals.

    Syntax : username/project@REALM.com

    Example : bob/data_lake@mycompany.com

Have you any feedback about the best practices of using Kerberos in multi-tenant context ?

PS. if you have another options don't be afraid to share it