interesting! thanks for that information, very helpful
On Mon, Feb 3, 2014 at 6:04 PM, Benoy Antony <[email protected]> wrote: > Its a bad idea, Koert. > When multiple nodes are using the same principal (in this case all the > datanodes ) , it will result in server assuming that its a replay attack > and result in denial of service. > > More details here : > > http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH4/4.2.1/CDH4-Security-Guide/cdh4sg_topic_17.html#concept_hfv_zqw_wj_unique_1 > > and here > http://web.mit.edu/kerberos/krb5-devel/doc/basic/rcache_def.html > > benoy > > > On Sun, Feb 2, 2014 at 3:14 PM, Koert Kuipers <[email protected]> wrote: > >> i >> s it necessary to create a kerberos principal for hdfs on every node, as >> in hdfs/some-host@SOME-REALM? >> why not use one principal hdfs@SOME-REALM? that way i could distribute >> the same keytab file to all nodes which makes things a lot easier. >> thanks! koert >> > >
