Support Questions

Find answers, ask questions, and share your expertise

Who agreed with this topic

Integrate AD for User to Group mapping

Master Collaborator


 we would like to integrate an existing kerberized cluster using dedicated MIT KDC with a corporate AD for user to group mapping. For correct authorization in Sentry hadoop needs to map the user to group. 


The hadoop KDC is not connected/trusted with the org AD, hadoop MIT KDC has different REALM name (like PROD.CLOUDERA.NET) than AD (NICE.COMPANY.COM).


The goal is not PAM - so logging into linux with AD user and password, just the user/group mapping.


Is it possible to configure this setup? What are the options? I have read about Centrify Express but as far as I understood it maps completely everything to AD. So that would mean to migrate all the service principals from MIT KDC to AD - basically new cluster setup.  And thats not an option now.







Who agreed with this topic