You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hadoop.apache.org by dna_29a <dn...@mail.ru.INVALID> on 2017/09/07 08:09:46 UTC
Sqoop and kerberos ldap hadoop authentication
Hi,I want to run sqoop jobs under kerberos authentication. If I have a ticket for local Kerberos user (local KDC and user exists as linux user on each host), sqoop works fine. Also, Kerberos uses cross-realm trust and accept Active Directory authentication. In this case, if I got ticket fot AD KDC user, sqoop jobs fails with message "User xxx not found". That means that AD user does not exist on each host of hadoop. After creating user on each host it work fine.
In order to perform SSO principe and not to have a headache mantaining thouthand of users on hadoop hosts, is it possible to configure Sqoop to work with Active Directory KDC users?
Thanks!
Отправлено с устройства Samsung.
Re: Sqoop and kerberos ldap hadoop authentication
Posted by Rams Venkatesh <bi...@gmail.com>.
Yes it works. However this doesn't work with Microsoft SQL server
Sent from my iPhone
> On 7 Sep 2017, at 10:09, dna_29a <dn...@mail.ru.INVALID> wrote:
>
> Hi,
> I want to run sqoop jobs under kerberos authentication. If I have a ticket for local Kerberos user (local KDC and user exists as linux user on each host), sqoop works fine. Also, Kerberos uses cross-realm trust and accept Active Directory authentication. In this case, if I got ticket fot AD KDC user, sqoop jobs fails with message "User xxx not found". That means that AD user does not exist on each host of hadoop. After creating user on each host it work fine.
>
> In order to perform SSO principe and not to have a headache mantaining thouthand of users on hadoop hosts, is it possible to configure Sqoop to work with Active Directory KDC users?
>
> Thanks!
>
>
> Отправлено с устройства Samsung.
Re: Sqoop and kerberos ldap hadoop authentication
Posted by Wei-Chiu Chuang <we...@cloudera.com>.
Hi,
The message "User xxx not found" feels more like group mapping error. Do
you have the relevant logs?
Integrating AD with Hadoop can be non-trivial, and Cloudera's general
recommendation is to use third party authentication integrator like SSSD or
Centrify, instead of using LdapGroupsMapping.
Hope that helps,
Wei-Chiu
On Thu, Sep 7, 2017 at 1:09 AM, dna_29a <dn...@mail.ru.invalid> wrote:
> Hi,
> I want to run sqoop jobs under kerberos authentication. If I have a ticket
> for local Kerberos user (local KDC and user exists as linux user on each
> host), sqoop works fine. Also, Kerberos uses cross-realm trust and accept
> Active Directory authentication. In this case, if I got ticket fot AD KDC
> user, sqoop jobs fails with message "User xxx not found". That means that
> AD user does not exist on each host of hadoop. After creating user on each
> host it work fine.
>
> In order to perform SSO principe and not to have a headache mantaining
> thouthand of users on hadoop hosts, is it possible to configure Sqoop to
> work with Active Directory KDC users?
>
> Thanks!
>
>
> Отправлено с устройства Samsung.
>
--
A very happy Clouderan