Hi Antony, Thanks for you answer.
> Though I have not used a certificate for authentication, I had used a 2FA based kerberos authentication. Instead of password , it was Pin and a token. Well, human-client authentication is one point, and thank you for confirming it runs with other authentication forms than login/password scheme. The other point (AFAIU) is Hadoop-component-client authentication <= the second kind of clients. To be more precise, I have __no__ idea how an HBase region server component is using the "keytab" file (on its node) to authenticate itself towards the KDC. And if it's some __Java__ library that is reading and using the "keytab" file, I don't know if this Java library could use certificate too for Kerberos authentication. If you have any thought about this subject (Hadoop-component-client authentication with certificated-based Kerberos authentication, I will happy to read them. Thanks. Regards, Dominique 2018-04-06 2:56 GMT+02:00 Benoy Antony <[email protected]>: > Hi Dominique, > > It should work. This is because the authentication mechanism (password or > certificate) is between the client and KDC (kerberos server). Hadoop never > knows about the password or certificate. The Hadoop servers receive a > service ticket from the client. Client obtains service ticket from KDC. > Thus the authentication mechanism ((password or certificate) is between > the client and KDC. > > Though I have not used a certificate for authentication, I had used a 2FA > based kerberos authentication. Instead of password , it was Pin and a > token. > The process was like this > > >kinit username > > Enter pin and token > > > hadoop fs -ls > > > > > > On Mon, Mar 26, 2018 at 6:36 AM, Dominique De Vito <[email protected]> > wrote: > >> Hi, >> >> Well, Hadoop with authentication works with login/password-pattern >> Kerberos . >> >> However, Kerberos could work with certicate-based authentication too. >> >> Is Hadoop supporting Kerberos authentication with certificate? >> To be more precise (or straight to the point, if you want): is Hadoop >> working when using certificate-based Kerberos authentication ? >> >> Is there any Hadoop cluster out there running with certificate-based >> Kerberos authentication? >> >> Thanks. >> >> Regards, >> Dominique >> >> >
