Re: Impersonate Kerberos user on HDFS

On Thu, 2024-04-11 at 08:24 -0400, Ken Hornstein via Kerberos wrote: > > - impersonate the user as, say, admin, with kinit; e.g. kinit > > - scan all HDFS directories and try to read or write > > > > Does anyone have suggestions? > > In general, your options are: > > - Have access to to user's

Re: Impersonate Kerberos user on HDFS

Ken Hornstein via Kerberos writes: > - Have access to to user's key/password and generate a ticket for that > user using kinit. As someone else already noted, this isn't really > impersonating a user. > - Have access to the TGS key and generate a TGT for that user (or any user). > This is

Re: Impersonate Kerberos user on HDFS

>- impersonate the user as, say, admin, with kinit; e.g. kinit >- scan all HDFS directories and try to read or write > >Does anyone have suggestions? In general, your options are: - Have access to to user's key/password and generate a ticket for that user using kinit. As someone else already

Re: Impersonate Kerberos user on HDFS

On Thu, 11 Apr 2024 at 16:43, Philippe de Rochambeau wrote: > > Hello, > > Let's say a user has the following rights on HDFS (which are constrained > Apache Ranger): > > /prd/a/b/c <- read right > /prd/a/b/d <- read/write right > > I would like to get a broad picture of his/her complete access r