Home
Arenadata Hadoop
Tutorials
Security
Kerberos
MIT Kerberos

Set up MIT Kerberos server

Mikhail Serov

The cluster to be kerberized should be fully prepared and configured. The configuration can be any. Before you start configuring Kerberos for the cluster, the scheme should contain the MIT KDC principals database and ADPS users database. The logins for all users and services should match in both databases. After Kerberos is configured for the cluster, every user and service will have the corresponding principal.

Additionally to MIT Kerberos, the scheme uses ADPS to manage users permissions. MIT Kerberos handles principals authentication, while ADPS handles principals permissions.

The MIT Kerberos principals database should be synchronized with the ADPS users database. This synchronization is performed manually before configuring Kerberos in the cluster. Every further change to the MIT Kerberos principals database should be duplicated in the ADPS users database.

In this case, while working with ADH cluster, all principals receive TGT from MIT Kerberos KDC.

Found a mistake? Seleсt text and press Ctrl+Enter to report it