Kerberos cross-realm configuration for Hortonworks and Cloudera via distcp


Re: Kerberos cross-realm configuration for Hortonworks and Cloudera via distcp

We have a Teradata Hadoop which is kerberised using the Hortonworks distribution and needs to talk to a Cloudera.

However, Cloudera cannot access Hortonworks HDFS. We have done some configurations in krb5.conf.

At the moment, both clusters are kerberized but cannot see or trust each other via distcp or a simple fs command.

Here are the configs for both clusters.

HORTONWORKS cluster:

krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = INDLIN4625.KERBEROS.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 INDLIN4625.KERBEROS.COM = {
  kdc = indlin4625.corp.amdocs.com
  admin_server = indlin4625.corp.amdocs.com
  default_domain = indlin4625.kerberos.com
 }
 INSIONFT01.KERBEROS.COM = {
  kdc = insionft01.corp.amdocs.com
  admin_server = insionft01.corp.amdocs.com
  default_domain = insionft01.kerberos.com
 }

[domain_realm]
#.corp.amdocs.com = INDLIN4625.KERBEROS.COM
# corp.amdocs.com = INDLIN4625.KERBEROS.COM
#.corp.amdocs.com = INSIONFT01.KERBEROS.COM
# corp.amdocs.com = INSIONFT01.KERBEROS.COM
insionft01.kerberos.com = INSIONFT01.KERBEROS.COM
indlin4625.kerberos.com = INDLIN4625.KERBEROS.COM

 

CLOUDERA cluster

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = INDLIN4625.KERBEROS.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 INDLIN4625.KERBEROS.COM = {
#  kdc = indlin4625.INDLIN4625.KERBEROS.COM:88
#  admin_server = indlin4625.INDLIN4625.KERBEROS.COM:749
#  default_domain = INDLIN4625.KERBEROS.COM
  kdc = indlin4625.corp.amdocs.com
  admin_server = indlin4625.corp.amdocs.com
  default_domain = indlin4625.kerberos.com
 }
 INSIONFT01.KERBEROS.COM = {
#  kdc = insionft01.INSIONFT01.KERBEROS.COM
#  admin_server = insionft01.INSIONFT01.KERBEROS.COM
#  default_domain = INSIONFT01.KERBEROS.COM
  kdc = insionft01.corp.amdocs.com
  admin_server = insionft01.corp.amdocs.com
  default_domain = insionft01.kerberos.com
 }

[domain_realm]
#.corp.amdocs.com = INDLIN4625.KERBEROS.COM
# corp.amdocs.com = INDLIN4625.KERBEROS.COM
#.corp.amdocs.com = INSIONFT01.KERBEROS.COM
# corp.amdocs.com = INSIONFT01.KERBEROS.COM
insionft01.kerberos.com = INSIONFT01.KERBEROS.COM
indlin4625.kerberos.com = INDLIN4625.KERBEROS.COM
#indlin4625.corp.amdocs.com = INDLIN4625.KERBEROS.COM
#insionft01.corp.amdocs.com = INSIONFT01.KERBEROS.COM

 

We have also added rules to <name>hadoop.security.auth_to_local</name> for the other realm, but it is still not working.

Can someone help us?

Thank you.
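A Kerberos client chooses the realm for a service host from [domain_realm], so one thing worth checking in the files above is whether the corp.amdocs.com host names map to either realm. The sketch below is an added example, not part of the original post: the function names are hypothetical, the lookup order (full host name, then each parent domain with and without the leading dot) is an assumption modelled on MIT krb5, and the KDC host names stand in for the cluster's service hosts.

```python
POSTED = """# Constructed excerpt of the posted Cloudera krb5.conf
[realms]
 INDLIN4625.KERBEROS.COM = {
  kdc = indlin4625.corp.amdocs.com
 }
 INSIONFT01.KERBEROS.COM = {
  kdc = insionft01.corp.amdocs.com
 }
[domain_realm]
 insionft01.kerberos.com = INSIONFT01.KERBEROS.COM
 indlin4625.kerberos.com = INDLIN4625.KERBEROS.COM
 #indlin4625.corp.amdocs.com = INDLIN4625.KERBEROS.COM
 #insionft01.corp.amdocs.com = INSIONFT01.KERBEROS.COM
"""
ENABLED = POSTED.replace(" #in", " in")  # same excerpt, host mappings uncommented

def parse_krb5(text):
    """Parse krb5.conf text into nested dicts; lines starting with # or ; are comments."""
    conf, stack = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line[0] == "[" and line[-1] == "]":
            stack = [conf.setdefault(line[1:-1], {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif stack and "=" in line:
            key, _, val = (part.strip() for part in line.partition("="))
            if val == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = val  # last value wins; enough for this check
    return conf

def host_realm(conf, host):
    """Realm [domain_realm] gives for host (tries host, .parent, parent, ...), else None."""
    table, name = conf.get("domain_realm", {}), host.lower()
    while name and name not in table:
        dot = name.find(".", 1)
        name = name[1:] if name[0] == "." else (name[dot:] if dot > 0 else "")
    return table.get(name)

def unmapped_kdc_hosts(conf):
    """(realm, host) pairs where the realm's KDC host does not map back to that realm."""
    kdcs = {r: o.get("kdc", "").split(":")[0] for r, o in conf.get("realms", {}).items()}
    return [(r, h) for r, h in kdcs.items() if host_realm(conf, h) != r]

if __name__ == "__main__":
    print({k: unmapped_kdc_hosts(parse_krb5(v)) for k, v in (("posted", POSTED), ("enabled", ENABLED))})
```

With the posted [domain_realm] both corp.amdocs.com hosts come back unmapped; with the two commented-out host lines enabled the list is empty.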