what is the best approach to connect to separate Hadoop clusters with Kerberos authentication. From the client perspective - We have two keytab files, Kerberos configuration is fine and we can connect to separate clusters using related keytabs. The question is how we can connect to both clusters in the same time?
Asked
Active
Viewed 476 times
0
-
Option 1: enable _trust_ between the two KDCs, and use just one Kerberos ticket for both. Option 2: develop some custom Java code to manage different `UserGroupInformation` objects, with different Kerberos tickets (instead of the default, static UGI) and `doAs` access to each cluster with the appropriate UGI. Option 3: check the Spark feature about authenticating to multiple HDFS with different Kerberos creds (I know it's there but never had the opportunity to use it). – Samson Scharfrichter May 17 '19 at 17:47
-
Thanks for suggestion - we already use Option 1, but it works well only for one KDC, for the second one we're getting - FAILED! [Cloudera][Hardy] (35) Error from server: error code: '0' error message: 'Null user'. What could be a reason? We're using ODBC driver for Hive – Konstantin May 20 '19 at 13:53
-
Looks like the trust does not work - contact your Kerberos and/or ActiveDirectory administrator... – Samson Scharfrichter May 20 '19 at 16:48