First I'd like to say I'm not a Hadoop admin but an SA, so I have little to no experience with Hadoop except for maintaining the OS the software lives on. The question I have is in regards to kerberos authentication and how to set it up properly so it works. The previous installer of Cloudera integrated the kerberos keytab for the service account into the main system keytab. And now that we have switched vendors for AD integration for our Linux services we've run into issues with the authentication as the vendor defaults to maintain the system keytab. We have been told by the AD integration vendor the Hadoop service account keytab should be in it's own separate keytab file so when the AD password for the computer account changes it won't effect Hadoop.
Our Hadoop admins prefer to use the system keytab as the code used within the Hadoop jobs reference the system keytab. So changing how it's done is apparently a big task. Since I'm not well versed in Hadoop I don't know what to look for in the documentation to point them to say "This is how it's done". And I don't have access to support so I'm doing a round about way to get the proper information.
Would someone be so kind as to provide guidance as to where I can find the documentation to show them how it should be done? Or educate me that they are doing it correctly?
... View more