
I'm setting up a Kafka cluster with Kerberos, and the instructions/documentation are a little sparse when it comes to multi-node clusters (specifically the service principals).

What's the difference between service principals and user principals (apart from the FQDN component and preauth)? What advantages/disadvantages would there be if I tried to run Kafka brokers with user keytabs rather than service keytabs?

OneCricketeer
james
  • In a strict Kerberos sense, a user principal and a service principal only differ by name format. A user has a form of `user@realm` and a service principal has a form of `service/principal@realm`. A client running as a user principal will get a ticket on behalf of that user targeting a service principal. So your Kafka cluster is a service principal when receiving tickets to authenticate users. – Steve Apr 11 '19 at 22:16
  • I believe Hortonworks and Cloudera have documentation on this. They have an automated process to set it up, though – OneCricketeer Apr 13 '19 at 00:10

0 Answers