[jira] [Commented] (HADOOP-16779) Support dynamic change Kerberos user and KDC to access multiple Hadoop clusters

Mon, 22 Nov 2021 02:39:08 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17447299#comment-17447299
 ] 

vincent zeng commented on HADOOP-16779:
---------------------------------------

Any progress on this?

> Support dynamic change Kerberos user and KDC to access multiple Hadoop 
> clusters
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-16779
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16779
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: chendihao
>            Priority: Major
>
> Currently Hadoop relies on Kerberos to do authentication and authorization. 
> For single user, we can initialize  clients with keytab files in command-line 
> or Java program.
> But sometimes we need to access Hadoop as multiple users. For example, we 
> build the web service to view users' HDFS files. We have authorization to get 
> user name and use this user's keytab to login before requesting HDFS. 
> However, this doesn't work for multiple Hadoop clusters and multiple KDC. 
> Currently the only way to do that is enable cross-realm for these KDC. But in 
> some scenarios we can not change the configuration of KDC and want single 
> process to switch the Kerberos user on the fly without much overhead.
> Here is the related discussion in StackOverflow:
>  * 
> [https://stackoverflow.com/questions/15126295/using-java-programmatically-log-in-multiple-kerberos-realms-with-different-keyta#|https://stackoverflow.com/questions/15126295/using-java-programmatically-log-in-multiple-kerberos-realms-with-different-keyta]
>  * 
> [https://stackoverflow.com/questions/57008499/data-transfer-between-two-kerberos-secured-cluster]
>  ,
>  * 
> [https://stackoverflow.com/questions/22047145/hadoop-distcp-between-two-securedkerberos-clusters]
>  ,
>  * 
> [https://stackoverflow.com/questions/39648106/access-two-secured-kerberos-hadoop-hbase-clusters-from-the-same-process]
>  
>  * 
> [https://stackoverflow.com/questions/1437281/reload-kerberos-config-in-java-without-restarting-jvm]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to