I'm relatively new to Kerberos, so please forgive me if my question might sound dumb.
I'm trying to access a secured Hadoop environment from a Windows machine. The Hadoop cluster uses its own realm. I installed MIT Kerberos on the Windows box and configured it so that I can successfully obtain tickets, but I'd like to see if there is a way to instead use the tickets that are generated through AD when I log on to Windows. My understanding is that a one-way trust between the AD and the cluster's KDC could solve the issue. What's not clear is whether I need to define anything at all at the AD level. I'm thinking that since I'm trying to gain access to the realm associated with the Hadoop cluster, all I need to do is to add a principal to it for the AD realm, the one I want to trust. After that, I would change the krb5.conf file to make sure the AD realm is seen. Am I completely off the mark? If anyone has gone through this scenario, would you mind sharing what needs to be done step-by-step? Thank you very much in advance! ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
