Any help would be appreciated!
2013/12/25 wzc <[email protected]> > Hi all, > > To access a Kerberos-protected cluster, our hadoop clients need to get a > kerberos ticket (kinit user@realm) before submitting jobs. We want our > clients to get rid of kerberos password, so we would like to use keytabs > for authentication. Here we export pincipals with the form > 'username/host@realm' and deploy them to our clients' hosts. > > In addition, we want to make sure the host in the keytab matches the host > which one client submit job from. Currently there is no host check on > client principal auth. > > I have found some jira which maybe helpful: > https://issues.apache.org/jira/browse/HDFS-1003 > https://issues.apache.org/jira/browse/HADOOP-7215 > > I have no idea how to achieve it, I also wonder whether such check is > reasonable. > can anyone give me some hint? > > >
