For helping manage this, Hadoop lets you specify principles of the format
hdfs/_HOST@SOME-REALM. Here _HOST is a special string that Hadoop interprets
and replaces it with the local hostname. You need to create principles per host
though.
+Vinod
On Feb 2, 2014, at 3:14 PM, Koert Kuipers
interesting! thanks for that information, very helpful
On Mon, Feb 3, 2014 at 6:04 PM, Benoy Antony bant...@gmail.com wrote:
Its a bad idea, Koert.
When multiple nodes are using the same principal (in this case all the
datanodes ) , it will result in server assuming that its a replay attack
i
s it necessary to create a kerberos principal for hdfs on every node, as
in hdfs/some-host@SOME-REALM?
why not use one principal hdfs@SOME-REALM? that way i could distribute the
same keytab file to all nodes which makes things a lot easier.
thanks! koert
