[lug] (Virtual) BLUG is ON! Thursday April 9th, 2020 @ 6:30PM (MDT!)

[Bear Giles]

Kerberos

Ironically that's because MacOS uses kerberos internally. Which is good.
But it's made our life extremely difficult when connecting to hadoop
clusters that also use Kerberos authentication because the OS designers
apparently never considered the possibility that anyone other than them or
Active Directory would want to use kerberos.

That might not be an unreasonable assumption, esp. after you've had to deal
with the hadoop ecosystem where every application handles kerberos
configuration differently. But it is an assumption and there are people who
need to connect directly to a kerberized cluster from their laptop/desktop.

We eventually found a workable solution but it took a while. I can't
remember what it was but we added it to our confluence pages. However I've
noticed a lot of people are ssh'ing into a compute node to do their work
instead of running the client software on their laptop.

FWIW windows has similar problems because of the implementation of its
security engine but in some ways it's easier to handle them since Microsoft
needed to support people who needed to connect to kerberized applications.
A developer has to call very different libraries but the system does
acknowledge that it's a reasonable need.

Bear
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20200418/8da67731/attachment.html>