Active Directory Integration Specifies that Kerberos principal authentication

Active directory integration specifies that kerberos

This preview shows page 233 - 235 out of 395 pages.

Active Directory Integration Specifies that Kerberos principal authentication is integrated with a Microsoft Active Directory domain. Active Directory realm Specifies the Kerberos realm name of the Active Directory domain. By convention, Kerberos realm names are typically the same as the domain name but in all capital letters. Active Directory domain Specifies the Active Directory domain name. Active Directory integration properties Active Directory server Specifies the fully qualified domain name (FQDN) of the Microsoft Active Directory domain controller. Kerberos Settings for Clusters You can specify Kerberos settings when you create a cluster using the Amazon EMR console, the AWS CLI, or the EMR API. Use the following references to understand the available cluster configuration settings for the Kerberos architecture that you choose. Amazon EMR console settings are shown. For corresponding CLI options, see Configuration Examples (p. 228) . Parameter Description Realm The Kerberos realm name for the cluster. The Kerberos convention is to set this to be the same as the domain name, but in uppercase. For example, for the domain ec2.internal , using EC2.INTERNAL as the realm name. KDC admin password The password used within the cluster for kadmin or kadmin.local . These are command-line interfaces to the Kerberos V5 administration system, which maintains Kerberos principals, password policies, and keytabs for the cluster. Cross-realm trust principal password (optional) Required when establishing a cross-realm trust. The cross-realm principal password, which must be identical across realms. Use a strong password. Active Directory domain join user (optional) Required when using Active Directory in a cross- realm trust. This is the user logon name of an Active Directory account with permission to join computers to the domain. Amazon EMR uses this 227
Image of page 233
Amazon EMR Management Guide Use Kerberos Authentication Parameter Description identity to join the cluster to the domain. For more information, see the section called “Step 3: Add User Accounts to the Domain for the EMR Cluster” (p. 237) . Active Directory domain join password (optional) The password for the Active Directory domain join user. For more information, see the section called “Step 3: Add User Accounts to the Domain for the EMR Cluster” (p. 237) . Configuration Examples The following examples demonstrate security configurations and cluster configurations for common scenarios. AWS CLI commands are shown for brevity. Local KDC The following commands create a cluster with a cluster-dedicated KDC running on the master node. Additional configuration on the cluster is required. For more information, see Configuring a Cluster for Kerberos-Authenticated HDFS Users and SSH Connections (p. 230) .
Image of page 234
Image of page 235

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes
A+ icon
Ask Expert Tutors