Hadoop Elephant in Active Directory Forest. Marek Gawiński, Arkadiusz Osiński Allegro Group
|
|
- Sherilyn Wilkerson
- 8 years ago
- Views:
Transcription
1 Hadoop Elephant in Active Directory Forest Marek Gawiński, Arkadiusz Osiński Allegro Group
2
3 Agenda Goals and motivations Technology stack Architecture evolution Automation integrating new servers Making AD users and groups visible to Linux Making architecture non-vulnerable to AD service inaccessibility Auto-deployment clients software on desktops
4 Allegro Hadoop cluster in numbers 4 terabytes RAM 2 petabytes disk space 47 datanodes 79 projects 612 users
5 Goals and motivations Secured cluster Central authentication and authorisation Compliance for real and project users and groups Cluster resources available from desktop Integrating new servers automatically Making whole architecture non-vulnerable for failures or timeouts to AD Auto-deployment and autoconfiguration of Hadoop clients software on users desktops
6 Technology stack Cloudera CDH5 MIT Kerberos Microsoft Active Directory FreeIPA sssd puppet msktutil Hadoop desktop client
7 History - FreeIPA+FreeIPA Kerberos In te rn al ha do op FreeIPA User cr ed Chec k gro Kerberos Service Ticket ups Check user/pass s Secured Hadoop cluster Local groups management User/pass Client Kerberos KDC
8 History - FreeIPA+own Kerberos Secured Hadoop cluster Chec Internal hadoop creds k gro Kerberos Service Ticket ups Check user/pass FreeIPA User Local groups management User/pass Client Kerberos KDC Kerberos KDC MIT
9 History - FreeIPA+own Kerberos+AD In te rn al ha do op FreeIPA User cr ed Chec k gro ups Ch kg ec Kerberos Service Ticket Local groups management ps u ro Check user/pass s Secured Hadoop cluster User/pass Client Kerberos KDC MIT Us e r/p s Check user/pass as AD User&Groups AD Kerberos
10 Final - own Kerberos+AD In te rn al ha do op cr ed s Secured Hadoop cluster Ch kg ec Kerberos Service Ticket ps u ro Client Kerberos KDC MIT Us e r/p s Check user/pass as AD User&Groups AD Kerberos
11 Integrating new Linux servers automatically with AD Kerberos keytab user e t a Cre AD Kerberos Msktutil Create AD User&Groups princip al
12 Integrating new Linux servers automatically with AD define get_ad_keytab ( $path = '',...) {... $realm = 'SOME_REALM' $pass = hiera('hadoop_prod/ad/krb_manager_pass') $principal = "${title}/${host}@${realm}" $command = "echo ${pass} kinit _hadoop_manager@${realm}; \ /usr/local/bin/add_ad_princ.sh ${title} ${host} ${path}; kdestroy"... msktutil -c -s $PRINCIPAL --upn $PRINCIPAL -k $KEYTAB \ --computer-name $COMPUTER_NAME \ --server $SERVER_KRB \ --realm $REALM \ -b $USER_LDAP_ROOT \ --dont-expire-password \ --description "\"$DESCRIPTION\"" \ --user-creds-only
13 Integrating new Linux servers automatically with AD klist -ket Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal /17/ :26:45 (aes256-cts-hmac-sha1-96) 1 08/17/ :26:45 host/nn1.local@ipa.realm (aes128-cts-hmac-sha1-96) 1 08/17/ :26:45 host/nn1.local@ipa.realm (des3-cbc-sha1) 1 08/17/ :26:45 host/nn1.local@ipa.realm (arcfour-hmac) 1 08/17/ :26:45 host/nn1.local@ipa.realm (camellia128-cts-cmac) 1 08/17/ :26:45 host/nn1.local@ipa.realm (camellia256-cts-cmac) 4 08/17/ :30:23 91c76848bc458b62e67$@AD.REALM (arcfour-hmac) 4 08/17/ :30:23 91c76848bc458b62e67$@AD.REALM (aes128-cts-hmac-sha1-96) 4 08/17/ :30:23 91c76848bc458b62e67$@AD.REALM (aes256-cts-hmac-sha1-96) 4 08/17/ :30:23 host/nn1.local@ad.realm (arcfour-hmac) 4 08/17/ :30:23 host/nn1.local@ad.realm (aes128-cts-hmac-sha1-96) 4 08/17/ :30:23 host/nn1.local@ad.realm (aes256-cts-hmac-sha1-96)
14 Integrating new Linux servers automatically with AD Separated Subtree in AD structure
15 System Security Services Daemon Identity and authentication Multiple providers (FreeIPA, LDAP, AD) High availability for backends Provides PAM and NSS modules Caching > 1.11.x - stable support for AD forest auth
16 System Security Services Daemon /etc/sssd/sssd.conf [domain/ad.realm] id_provider = ad ad_server = h1, h2, h3 ad_backup_server = hb1, hb2, hb3 auth_provider = ad chpass_provider = ad access_provider = ad enumerate = False krb5_realm = AD.REALM ldap_schema = ad ldap_id_mapping = True cache_credentials = True ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true fallback_homedir = /home/ad.realm/%u default_shell = /bin/false ldap_referrals = false AD schema with no modifications root@nn1:~# id _hc_tech_prod tr "," "\n" uid= (_hc_tech_prod) gid= (domain users) groups= (domain users) (_gr_hc_users_common) (_gr_hc_hadoop_prod) (_gr_hc_project1_prod) (_gr_hc_project2_prod)
17 Making whole architecture nonvulnerable for failures Active Closest DC Fallback servers in Remote DC Local filesystem nss cache /etc/sssd/sssd.conf [nss] memcache_timeout = 3600
18 Auto-deployment and autoconfiguration on desktops Install script for Hadoop Client on desktops Refresh configs with currently prod environment Support for HDFS/YARN/Hive/Spark [marek.gawinski:~/allehadoop] $ sh env.sh Password for marek.gawinski@ad.realm: ************** [marek.gawinski:~/allehadoop] $ klist Ticket cache: FILE:/tmp/krb5cc_ Default principal: marek.gawinski@ad.realm Valid starting Expires 09/04/15 23:31:35 09/05/15 09:31:35 renew until 09/11/15 23:31:33 Service principal krbtgt/ad.realm@ad.realm
19 Auto-deployment and autoconfiguration on desktops [marek.gawinski:~/allehadoop] Found 8 items drwxr-xr-x - marek.gawinski drwxr-xr-x - marek.gawinski drwxr-xr-x - marek.gawinski drwx marek.gawinski drwxr-xr-x - marek.gawinski -rw-r--r-3 marek.gawinski -rw-r--r-3 marek.gawinski drwxr-xr-x - marek.gawinski $ hdfs dfs -ls hadoop hadoop hadoop hadoop hadoop hadoop hadoop hadoop [marek.gawinski:~/allehadoop] $ hive hive (default)> show databases; OK database_name tpch_benchmarks... xwing_poc Time taken: seconds, Fetched: 72 row(s) hive (default)> set hive.execution.engine = tez; hive (default)> select count(*) from table1; 02:00 21:01 10:43 02:35 13:11 15:26 12:30 16:21.Trash.hiveJars.sparkStaging.staging oozie1 ozzietest1.hql pwd.txt tables
20 Auto-deployment and autoconfiguration on desktops
21 Auto-deployment and autoconfiguration on desktops
22 Auto-deployment and autoconfiguration on desktops
23 Auto-deployment and autoconfiguration on desktops
24 Benefits One standard for access control to all company resources Every new employee automatically can play with Hadoop with no additional effort One password to all systems
25 Thank you! Questions?
System Security Services Daemon
System Security Services Daemon System Security Services Daemon Manages communication with centralized identity and authentication stores Provides robust, predictable caching for network accounts Can cache
More informationRHEL Clients to AD Integrating RHEL clients to Active Directory
RHEL Clients to AD Integrating RHEL clients to Active Directory Presenter Dave Sullivan Sr. TAM, Red Hat 2013-09-03 Agenda Review Dmitri Pal and Simo Sorce Preso Legacy RHEL hook to AD RHEL Direct--->sssd--->AD
More informationSSSD Active Directory Improvements
FreeIPA Training Series SSSD Active Directory Improvements Jakub Hrozek January 2013 Contents of the presentation 1.Overview of Active Directory related improvements 2.Range attributes support 3.Mapping
More informationImplementing Linux Authentication and Authorisation Using SSSD
Implementing Linux Authentication and Authorisation Using SSSD Lawrence Kearney Enterprise Service and Integration Specialist Technology Transfer Partnership (TTP) lawrence.kearney@earthlink.net Mark Robinson
More informationSSSD. Client side identity management. LinuxAlt 2012 Jakub Hrozek 3. listopadu 2012
Client side identity management LinuxAlt 2012 Jakub Hrozek 3. listopadu 2012 Section 1 Centralized user databases Centralized user databases User accounts in a large environment it is not practical to
More informationAdvancements in Linux Authentication and Authorisation using SSSD
Managing an Enterprise Series and Authorisation using SSSD Lawrence Kearney Enterprise Workgroup and Service Analyst e. lawrence.kearney@earthlink.net w. www.lawrencekearney.com How SSSD came to our infrastructure
More informationCAC AND KERBEROS FROM VISION TO REALITY
CAC AND KERBEROS FROM VISION TO REALITY Mil OSS Conference 2011 Dmitri Pal Sr. Engineering Manager Red Hat Inc. Aug 31, 2011 Outline Setting up context... Card authentication now Open issues Pieces of
More informationUnivention Corporate Server. Extended domain services documentation
Univention Corporate Server Extended domain services documentation 2 Table of Contents 1. Integration of Ubuntu clients into a UCS domain... 4 1.1. Integration into the LDAP directory and the SSL certificate
More informationInteroperability Update: Red Hat Enterprise Linux 7 beta and Microsoft Windows
Interoperability Update: Red Hat Enterprise 7 beta and Microsoft Windows Mark Heslin Principal Systems Engineer Red Hat Systems Engineering Dmitri Pal Senior Engineering Manager Red Hat Software Engineering
More informationKerberos and Active Directory symmetric cryptography in practice COSC412
Kerberos and Active Directory symmetric cryptography in practice COSC412 Learning objectives Understand the function of Kerberos Explain how symmetric cryptography supports the operation of Kerberos Summarise
More informationIdentity Management based on FreeIPA
Identity Management based on FreeIPA SLAC 2014 Thorsten Scherf Red Hat EMEA What is an Identity Management System (IdM) An IdM system is a set of services and rules to manage the users of an organization
More informationDocument Type: Best Practice
Global Architecture and Technology Enablement Practice Hadoop with Kerberos Deployment Considerations Document Type: Best Practice Note: The content of this paper refers exclusively to the second maintenance
More informationCentrify Server Suite 2015.1 For MapR 4.1 Hadoop With Multiple Clusters in Active Directory
Centrify Server Suite 2015.1 For MapR 4.1 Hadoop With Multiple Clusters in Active Directory v1.1 2015 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. 1 Contents General Information 3 Centrify Server Suite for
More informationIntegrating Linux systems with Active Directory
Integrating Linux systems with Active Directory Dmitri Pal Engineering Director, Red Hat, Inc. Security Camp at BU Agenda Problem statement Aspects of integration Integration options Recommendations Security
More informationGoing in production Winbind in large AD domains today. Günther Deschner gd@samba.org. (Red Hat / Samba Team)
Going in production Winbind in large AD domains today Günther Deschner gd@samba.org (Red Hat / Samba Team) Agenda To go where no one has gone before Winbind scalability Find Domain Controllers Active Directory
More informationIntegration with Active Directory. Jeremy Allison Samba Team
Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory Unlike the earlier Microsoft Windows NT 4.x Domain directory service which used proprietary DCE/RPC calls,
More informationIntegrating Red Hat Enterprise Linux 6 with Microsoft Active Directory Presentation
Integrating Red Hat Enterprise Linux 6 with Microsoft Active Directory Presentation Agenda Overview Components Considerations Configurations Futures Summary What is needed? Thorough understanding components,
More informationFreeIPA Cross Forest Trusts
Alexander Bokovoy Andreas Schneider May 10th, 2012 1 FreeIPA What is FreeIPA? Cross Forest Trusts 2 Samba 3 Demo Talloc Tutorial Pavel Brezina wrote Talloc tutorial! http://talloc.samba.org/
More informationKerberos + Android. A Tale of Opportunity. Slide 1 / 39. Copyright 2012 yassl
Kerberos + Android A Tale of Opportunity Slide 1 / 39 Platform Decisions The Statistics Slide 2 / 39 Why Go Mobile? 80% of the world's population now has a mobile phone. ( 5 Billion Phones ) Slide 3 /
More informationFreeIPA 3.3 Trust features
FreeIPA 3.3 features Sumit Bose, Alexander Bokovoy March 2014 FreeIPA and Active Directory FreeIPA and Active Directory both provide identity management solutions on top of the Kerberos infrastructure
More informationConfiguring Hadoop Security with Cloudera Manager
Configuring Hadoop Security with Cloudera Manager Important Notice (c) 2010-2015 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, and any other product or service names
More informationSUSE Manager 1.2.x ADS Authentication
Best Practice www.suse.com SUSE Manager 1.2.x ADS Authentication How to use MS-ADS authentiction (Version 0.7 / March 2 nd 2012) P r e f a c e This paper should help to integrate SUSE Manager to an existing
More informationBuilding Open Source Identity Management with FreeIPA. Martin Kosek mkosek@redhat.com http://www.oss4b.it/
Building Open Source Identity Management with FreeIPA Martin Kosek mkosek@redhat.com http:/// OSS4B 2013 - Open Source Software for Business 19-20 September 2013, Monash University Prato Centre Prato,
More informationCDH 5 Quick Start Guide
CDH 5 Quick Start Guide Important Notice (c) 2010-2015 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, and any other product or service names or slogans contained in this
More informationOlivier Renault Solu/on Engineer Hortonworks. Hadoop Security
Olivier Renault Solu/on Engineer Hortonworks Hadoop Security Agenda Why security Kerberos HDFS ACL security Network security - KNOX Hive - doas = False - ATZ-NG YARN ACL p67-91 Capacity scheduler ACL Killing
More informationWindows Security and Directory Services for UNIX using Centrify DirectControl
SOLUTION GUIDE CENTRIFY CORP. SEPTEMBER 2005 Windows Security and Directory Services for UNIX using Centrify DirectControl With Centrify, you can now fully leverage your investment in Active Directory
More informationHow to Deploy a Secure, Highly-Available Hadoop Platform
How to Deploy a Secure, Highly-Available Hadoop Platform Dr. Olaf Flebbe, Michael Weiser science + computing ag IT-Dienstleistungen und Software für anspruchsvolle Rechnernetze Tübingen München Berlin
More informationFreeIPA - Open Source Identity Management in Linux
FreeIPA - Open Source Identity Management in Linux Martin Košek Supervisor, Software Engineering, Red Hat ORS 2013, Karviná 1 Identity Management What is identity management? Identity
More informationCloudera Backup and Disaster Recovery
Cloudera Backup and Disaster Recovery Important Notice (c) 2010-2013 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, and any other product or service names or slogans
More informationIntegrating UNIX and Linux with Active Directory. John H Terpstra
Integrating UNIX and Linux with Active Directory John H Terpstra CTO, PrimaStasys Inc. jht@primastasys.com Slide 1 Agenda Definition of the Integration Problem Technical Background Review of Solution Choices
More informationBig Data Operations Guide for Cloudera Manager v5.x Hadoop
Big Data Operations Guide for Cloudera Manager v5.x Hadoop Logging into the Enterprise Cloudera Manager 1. On the server where you have installed 'Cloudera Manager', make sure that the server is running,
More informationTheorie Practical part Outlook. Kerberos. Secure and efficient authentication and key distribution. Johannes Lötzsch and Meike Zehlike
Secure and efficient authentication and key distribution October 27, 2009 Table of content Theorie Why to use SingleSignOn TGT ross-realm-authentication Practical part Setup your own -server kadmin (add
More informationConfiguring Squid Proxy, Active Directory Authentication and SurfProtect ICAP Access
Configuring Squid Proxy, Active Directory Authentication and SurfProtect ICAP Access Contents Introduction 3 To Configure 4 Squid Server... 4 Windows Domain Controller... 4 Configuration 4 DNS... 4 NTP...
More informationCharles Firth charles@firthconsulting.com. Managing Macs in a Windows World
Charles Firth charles@firthconsulting.com Managing Macs in a Windows World Prerequisites Familiarity with Windows Active Directory networks Interest in Macintosh OSX integration and support Basic understanding
More informationFreeIPA Client and Server
FreeIPA 3.3 Training Series FreeIPA Client and Server Improvements in FreeIPA 3.3 Martin Košek 2014-04-03 Focus of FreeIPA 3.x versions FreeIPA 3.3 introduced cross-realm Trusts with
More informationFreeIPA Client and Server
FreeIPA Training Series FreeIPA Client and Server Improvements in version 3.0 Rob Crittenden & Martin Kosek 01-14-2013 Client Improvements Tool to configure automount client ipa-client-automount --location=location
More informationCloudera Backup and Disaster Recovery
Cloudera Backup and Disaster Recovery Important Note: Cloudera Manager 4 and CDH 4 have reached End of Maintenance (EOM) on August 9, 2015. Cloudera will not support or provide patches for any of the Cloudera
More informationManaging Identity & Access in On-premise and Cloud Environments. Ellen Newlands Identity Management Product Manager Red Hat, Inc. 06.27.
Managing Identity & Access in On-premise and Cloud Environments Ellen Newlands Identity Management Product Manager Red Hat, Inc. 06.27.12 Agenda What is identity and access management Why should you care
More informationIntegrating OID with Active Directory and WNA
Integrating OID with Active Directory and WNA Hari Muthuswamy CTO, Eagle Business Solutions May 10, 2007 Suncoast Oracle User Group Tampa Convention Center What is SSO? Single Sign-On On (SSO) is a session/user
More informationCentrify Identity and Access Management for Cloudera
Centrify Identity and Access Management for Cloudera Integration Guide Abstract Centrify Server Suite is an enterprise-class solution that secures Cloudera Enterprise Data Hub leveraging an organization
More informationArchitecting the Future of Big Data
Hive ODBC Driver User Guide Revised: July 22, 2014 2012-2014 Hortonworks Inc. All Rights Reserved. Parts of this Program and Documentation include proprietary software and content that is copyrighted and
More informationSamba in the Enterprise : Samba 3.0 and beyond
Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org jeremy.allison@hp.com Where we are now : Samba 2.2 The current Samba is a credible replacement for a Windows server providing
More informationSetting up Single Sign-On (SSO) with SAP HANA and SAP BusinessObjects XI 4.0
Setting up Single Sign-On (SSO) with SAP HANA and SAP BusinessObjects XI 4.0 February 8, 2013 Version 1.0 Vishal Dhir Customer Solution Adoption (CSA) www.sap.com TABLE OF CONTENTS INTRODUCTION... 3 What
More informationConfigure the Application Server User Account on the Domain Server
How to Set up Kerberos Summary This guide guide provides the steps required to set up Kerberos Configure the Application Server User Account on the Domain Server The following instructions are based on
More informationSingle sign-on websites with Apache httpd: Integrating with Active Directory for authentication and authorization
Single sign-on websites with Apache httpd: Integrating with Active Directory for authentication and authorization Michael Heldebrant Solutions Architect, Red Hat Outline Authentication overview Basic LDAP
More informationThe following process allows you to configure exacqvision permissions and privileges for accounts that exist on an Active Directory server:
Ubuntu Linux Server & Client and Active Directory 1 Configuration The following process allows you to configure exacqvision permissions and privileges for accounts that exist on an Active Directory server:
More informationHow To Configure the Oracle ZFS Storage Appliance for Quest Authentication for Oracle Solaris
How To Configure the Oracle ZFS Storage Appliance for Quest Authentication for Oracle Solaris January 2014; v1.3 By Andrew Ness This article describes how to configure Quest Authentication Services in
More informationActive Directory and Linux Identity Management
Active Directory and Linux Identity Management Published by the Open Source Software Lab at Microsoft. December 2007. Special thanks to Chris Travers, Contributing Author to the Open Source Software Lab.
More informationQuick Deployment Step-by-step instructions to deploy Oracle Big Data Lite Virtual Machine
Quick Deployment Step-by-step instructions to deploy Oracle Big Data Lite Virtual Machine Version 3.0 Please note: This appliance is for testing and educational purposes only; it is unsupported and not
More informationGuide to SASL, GSSAPI & Kerberos v.6.0
SYMLABS VIRTUAL DIRECTORY SERVER Guide to SASL, GSSAPI & Kerberos v.6.0 Copyright 2011 www.symlabs.com Chapter 1 Introduction Symlabs has added support for the GSSAPI 1 authentication mechanism, which
More informationCloudera ODBC Driver for Impala Version 2.5.15
Cloudera ODBC Driver for Impala Version 2.5.15 Important Notice 2010-2013 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, Impala, and any other product or service names
More informationIntroduction to Big data. Why Big data? Case Studies. Introduction to Hadoop. Understanding Features of Hadoop. Hadoop Architecture.
Big Data Hadoop Administration and Developer Course This course is designed to understand and implement the concepts of Big data and Hadoop. This will cover right from setting up Hadoop environment in
More informationKerberos Delegation with SAS 9.4
Paper SAS3443-2016 Kerberos Delegation with SAS 9.4 Stuart J Rogers, SAS Institute Inc., Cary, NC ABSTRACT Do you want to see and experience how to configure SAS Enterprise Miner single sign-on? Are you
More informationIdentity Management: The authentic & authoritative guide for the modern enterprise
Identity Management: The authentic & authoritative guide for the modern enterprise Ellen Newlands, Product Manager Dmitri Pal, Director, Engineering 06-26-15 Goals of the Presentation Introduce Identity
More informationENABLING SINGLE SIGN-ON: SPNEGO AND KERBEROS Technical Bulletin For Use with DSView 3 Management Software
ENABLING SINGLE SIGN-ON: SPNEGO AND KERBEROS Technical Bulletin For Use with DSView 3 Management Software Avocent, the Avocent logo, The Power of Being There and DSView are registered trademarks of Avocent
More informationBest Practices: Integrating Mac OS X with Active Directory. Technical White Paper April 2009
Best Practices: Integrating Mac OS X Technical White Paper April 2009 2 Contents Page 3 Page 5 Page 9 Page 10 Page 11 Page 12 Apple s Built-In Solution How to Integrate Mac OS X Getting Started dsconfigad
More informationSecure Unified Authentication for NFS
Technical Report Secure Unified Authentication for NFS Kerberos, NFSv4, and LDAP in Clustered Data ONTAP Justin Parisi, NetApp July 2015 TR-4073 Abstract This document explains how to configure NetApp
More informationArchitecting the Future of Big Data
Hive ODBC Driver User Guide Revised: July 22, 2013 2012-2013 Hortonworks Inc. All Rights Reserved. Parts of this Program and Documentation include proprietary software and content that is copyrighted and
More informationSSSD AD Provider: Access Control
FreeIPA 3.3 Training Series SSSD AD Provider: Access Control Pavel Reichl February 2014 Contents of presentation 1.Need for access control 2.Simple Access Provider 3.LDAP Access Provider 4.Active Directory
More informationHandling POSIX attributes for trusted Active Directory users and groups in FreeIPA
Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander Bokovoy May 21th, 2015 Samba Team / Red Hat 0 A crisis of identity (solved?) FreeIPA What is
More informationRed Hat Enterprise ipa
Red Hat Enterprise ipa Introduction Red Hat Enterprise IPA enables your organization to comply with regulations, reduce risk, and become more efficient. Simply and centrally manage your Linux/Unix users
More informationHadoop Security Design
Hadoop Security Design Owen O Malley, Kan Zhang, Sanjay Radia, Ram Marti, and Christopher Harrell Yahoo! {owen,kan,sradia,rmari,cnh}@yahoo-inc.com October 2009 Contents 1 Overview 2 1.1 Security risks.............................
More informationContents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS
SonicOS User Identification Using the Domain Controller Security Log Contents Supported Platforms... 1 Event Viewer... 1 Configuring Group Policy to Enable Logon Audit... 2 Events in Security Log... 4
More informationKerberos on z/os. Active Directory On Windows Server 2008. William Mosley z/os NAS Development. December 2011. Interaction with. wmosley@us.ibm.
Kerberos on z/os Interaction with Active Directory On Windows Server 2008 + William Mosley z/os NAS Development wmosley@us.ibm.com December 2011 Agenda Updates to Windows Server 2008 Setting up Cross-Realm
More information1 Introduction. Ubuntu Linux Server & Client and Active Directory. www.exacq.com Page 1 of 14
Ubuntu Linux Server & Client and Active Directory 1 Introduction For an organization using Active Directory (AD) for user management of information technology services, integrating exacqvision into the
More informationCloudera Manager Training: Hands-On Exercises
201408 Cloudera Manager Training: Hands-On Exercises General Notes... 2 In- Class Preparation: Accessing Your Cluster... 3 Self- Study Preparation: Creating Your Cluster... 4 Hands- On Exercise: Working
More informationHDFS Users Guide. Table of contents
Table of contents 1 Purpose...2 2 Overview...2 3 Prerequisites...3 4 Web Interface...3 5 Shell Commands... 3 5.1 DFSAdmin Command...4 6 Secondary NameNode...4 7 Checkpoint Node...5 8 Backup Node...6 9
More informationCentrify Single Sign-On
Centrify Single Sign-On Configuring Integration with SAP December 2014 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject to
More informationpython hadoop pig October 29, 2015
python hadoop pig October 29, 2015 1 Python Hadoop Pig This notebook aims at showing how to submit a PIG job to remote hadoop cluster (tested with Cloudera). It works better if you know Hadoop otherwise
More informationSingle Sign On. Configuration Checklist for Single Sign On CHAPTER
CHAPTER 39 The single sign on feature allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without signing on again.
More informationUsing Active Directory as your Solaris Authentication Source
Using Active Directory as your Solaris Authentication Source The scope of this paper is to document how a newly installed Solaris 10 server can be configured to use an Active Directory directory service
More informationMigration of Windows Intranet domain to Linux Domain Moving Linux to a Wider World
Journal of Basic and Applied Engineering Research pp. 55-59 Krishi Sanskriti Publications http://www.krishisanskriti.org/jbaer.html Migration of Windows Intranet domain to Linux Domain Moving Linux to
More informationVintela Authentication from SCO Release 2.2. System Administration Guide
Vintela Authentication from SCO Release 2.2 System Administration Guide November 19, 2003 COPYRIGHT (c) Copyright 2003 Vintela, Inc. All Rights Reserved. (c) Copyright 2003 The SCO Group, Inc. Vintela
More informationActive Directory and Oxford Single Sign-On
Active Directory and Oxford Single Sign-On Bridget Lewis ICTST Adrian Parks OUCS 21 st June 2007 1 Aim How to link Active Directory to the Oxford Kerberos Single sign-on (SSO) infrastructure What is Kerberos?
More informationLike what you hear? Tweet it using: #Sec360
Like what you hear? Tweet it using: #Sec360 HADOOP SECURITY Like what you hear? Tweet it using: #Sec360 HADOOP SECURITY About Robert: School: UW Madison, U St. Thomas Programming: 15 years, C, C++, Java
More informationVirtual Machine (VM) For Hadoop Training
2012 coreservlets.com and Dima May Virtual Machine (VM) For Hadoop Training Originals of slides and source code for examples: http://www.coreservlets.com/hadoop-tutorial/ Also see the customized Hadoop
More informationHadoop Security Analysis NOTE: This is a working draft. Notes are being collected and will be edited for readability.
Hadoop Security Analysis NOTE: This is a working draft. Notes are being collected and will be edited for readability. Introduction This document describes the state of security in a Hadoop YARN cluster.
More informationVINTELA AUTHENTICATION SERVICES
VINTELA AUTHENTICATION SERVICES Troubleshooting Training, Level I Last printed 10/26/2006 3:07:00 PM VAS Troubleshooting Training, Level I VAS Troubleshooting Training, Level I... 2 1: Outline and Purpose...
More informationdocs.hortonworks.com
docs.hortonworks.com Hortonworks Data Platform: Configuring Kafka for Kerberos Over Ambari Copyright 2012-2015 Hortonworks, Inc. Some rights reserved. The Hortonworks Data Platform, powered by Apache Hadoop,
More information(june 2007 -> this is version 3.025a)
U s i n g t h e L i n u x P C o n t h e M e e t P C V L A N This article was published on www.tudelft.nl/itt Date: june, 2007 Author: Boris van Es Version: 1.0 Case In your lab there are several computers
More informationExternal and Federated Identities on the Web
External and Federated Identities on the Web Jan Pazdziora Sr. Principal Software Engineer Identity Management Special Projects, Red Hat 1 st October 2015 Scope and problem statement Applications get deployed
More informationPivotal HD Enterprise
PRODUCT DOCUMENTATION Pivotal HD Enterprise Version 1.1 Stack and Tool Reference Guide Rev: A01 2013 GoPivotal, Inc. Table of Contents 1 Pivotal HD 1.1 Stack - RPM Package 11 1.1 Overview 11 1.2 Accessing
More informationImportant Notice. (c) 2010-2015 Cloudera, Inc. All rights reserved.
Cloudera Security Important Notice (c) 2010-2015 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, and any other product or service names or slogans contained in this document
More informationIntroduction to Highly Available NFS Server on scale out storage systems based on GlusterFS
Introduction to Highly Available NFS Server on scale out storage systems based on GlusterFS Soumya Koduri Red Hat Meghana Madhusudhan Red Hat AGENDA What is GlusterFS? Integration with NFS Ganesha Clustered
More informationHOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION
HOW TO SILENTLY INSTALL CLOUD LINK REMOTELY WITHOUT SUPERVISION Version 1.1 / Last updated November 2012 INTRODUCTION The Cloud Link for Windows client software is packaged as an MSI (Microsoft Installer)
More informationKerberos and Windows SSO Guide Jahia EE v6.1
Documentation Kerberos and Windows SSO Guide Jahia EE v6.1 Jahia delivers the first Web Content Integration Software by combining Enterprise Web Content Management with Document and Portal Management features.
More informationMongoDB Security Guide
MongoDB Security Guide Release 3.0.8 MongoDB, Inc. January 04, 2016 2 MongoDB, Inc. 2008-2015 This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike 3.0 United States License
More informationKognitio Technote Kognitio v8.x Hadoop Connector Setup
Kognitio Technote Kognitio v8.x Hadoop Connector Setup For External Release Kognitio Document No Authors Reviewed By Authorised By Document Version Stuart Watt Date Table Of Contents Document Control...
More informationIntegrating Red Hat Enterprise Linux 6 with Active Directory. Mark Heslin Principal Software Engineer
Integrating Red Hat Enterprise Linux 6 with Active Directory Mark Heslin Principal Software Engineer Version 1.5 March 2014 1801 Varsity Drive Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888
More informationINUVIKA TECHNICAL GUIDE
--------------------------------------------------------------------------------------------------- INUVIKA TECHNICAL GUIDE SINGLE SIGN-ON WITH MICROSOFT ACTIVE DIRECTORY USING KERBEROS OVD Enterprise
More informationInfomatics. Big-Data and Hadoop Developer Training with Oracle WDP
Big-Data and Hadoop Developer Training with Oracle WDP What is this course about? Big Data is a collection of large and complex data sets that cannot be processed using regular database management tools
More informationImportant Notice. (c) 2010-2013 Cloudera, Inc. All rights reserved.
Hue 2 User Guide Important Notice (c) 2010-2013 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, and any other product or service names or slogans contained in this document
More informationHow To Use Cloudera Manager Backup And Disaster Recovery (Brd) On A Microsoft Hadoop 5.5.5 (Clouderma) On An Ubuntu 5.2.5 Or 5.3.5
Cloudera Manager Backup and Disaster Recovery Important Notice (c) 2010-2015 Cloudera, Inc. All rights reserved. Cloudera, the Cloudera logo, Cloudera Impala, and any other product or service names or
More informationRed Hat Identity Management
Red Hat Identity Management Overview Thorsten Scherf Senior Consultant Red Hat Global Professional Services Agenda What is Red Hat Identity Management? Main values Architecture Features Active Directory
More informationINTRODUCING SAMBA 4 NOW, EVEN MORE AWESOMENESS
INTRODUCING SAMBA 4 NOW, EVEN MORE AWESOMENESS Samba 4 has been in development for a long time but an official first release is imminent, the developers say. Its biggest feature is Active Directory Server
More informationAD Integration options for Linux Systems
AD Integration options for Linux Systems Overview Dmitri Pal Developer Conference. Brno. 2013 Agenda Problem statement Aspects of integration Options Questions Problem Statement For most companies AD is
More informationBest Practices: Integrating Mac OS X with Active Directory. Technical White Paper September 2007
Best Practices: with Active Directory Technical White Paper September 2007 Contents Page 3 Page 4 Page 8 Page 10 Page 11 Page 13 Apple s Built-In Solution How to Integrate Mac OS X with Active Directory
More informationRed Hat Enterprise Identity (IPA) Centralized Management of Identities & Authentication
Red Hat Enterprise Identity (IPA) Centralized of Identities & Authentication Dmitri Pal Sr. Engineering Manager, Red Hat Inc. Robert Crittenden Sr. Engineer, Red Hat Inc. 05/06/11 Agenda What is IPA? Main
More informationMultitenancy and the Enterprise Data Hub. James Kinley @jrkinley IP EXPO EUROPE Big Data Evolution Summit
Multitenancy and the Enterprise Data Hub James Kinley @jrkinley IP EXPO EUROPE Big Data Evolution Summit 1 About me James Kinley @jrkinley Principal Solutions Architect EMEA Hadooper since 2010 Clouderan
More information