[HADOOP-9296] Authenticating users from different realm without a trust relationship - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:
None

Description

Hadoop Masters (JobTracker and NameNode) and slaves (Data Node and TaskTracker) are part of the Hadoop domain, controlled by Hadoop Active Directory.
The users belong to the CORP domain, controlled by the CORP Active Directory.
In the absence of a one way trust from HADOOP DOMAIN to CORP DOMAIN, how will Hadoop Servers (JobTracker, NameNode) authenticate CORP users ?

The solution and implementation details are in the attachement

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

multirealm.pdf
11/Feb/13 17:57
33 kB
Benoy Antony
HADOOP-9296-1.1.patch
11/Feb/13 19:19
25 kB
Benoy Antony
HADOOP-9296.patch
14/Jan/14 17:37
31 kB
Benoy Antony
HADOOP-9296.patch
14/Jan/14 20:53
30 kB
Benoy Antony

Issue Links

is depended upon by

HBASE-7820 Authenticating users from different realm without a trust relationship

Closed

relates to

HADOOP-9392 Token based authentication and Single Sign On

Open

Sub-Tasks

Ability to plugin custom authentication mechanisms based on Jaas and Sasl

In Progress

Benoy Antony

Activity

People

Assignee:: Benoy Antony

Reporter:: Benoy Antony

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Dates

Created:: 11/Feb/13 17:57

Updated:: 16/Oct/17 19:46

Resolved:: 16/Oct/17 19:46