Can anyone answer my questions? Thanks a lot.
---------- Forwarded message ---------- From: Benyi Wang <bewang.t...@gmail.com> Date: Mon, Feb 6, 2012 at 11:07 PM Subject: Hadoop Active Directory Integration To: common-u...@hadoop.apache.org Hi, I have questions about Hadoop Active Directory Integration: 1. When using Active Directory, do we still need to create a Linux account for each user on each Linux node? 2. What about if I enable queue acls and use fairscheduler? Will task trackers send all ACLs check to Active directory? Can I list the user accounts or AD security groups in mapred-queue-acls.xml? Do I need to create those groups in Linux node? 3. Does someone configure Hadoop AD integration in multiple networks? for example, my company have three networks: corp, lab, and prod. A user in "corp" network can log on a window server in lab or prod. If we want to use local MIT KDC and set up "one-way cross-realm trust from this realm to the Active Directory realm" in https://ccp.cloudera.com/display/CDHDOC/Integrating+Hadoop+Security+with+Active+Directory. How to set up Kerberos in such a environment? 4. Is this right? If AD is setup, a window user can remotely submit a mapred job? 5. What about the authorization? Can hadoop configure so that only users in the specified security groups in AD can submit jobs. Thanks. Ben
