Hi, I’m playing with HDP for windows, and have 2 questions about security.
1. Kerberos Authentication: How to configure the HDP to use windows Kerberos authentication? I saw all documents is about configure kereros in linux/CenterOS. But in windows AD, there is already one KDC in the domain controller, and we never manually generate the key tab files.
2. The account for running Map Reduce job. Currently, what i saw is the process of MR job is running with the same account (hadoop) as the taskTracker service, but not the account of the job owner. If i write some malicious code in the MR job, the code can directly access local FS or HDFS in the security context of “hadoop” user. And “hadoop” user is actually the super account in hadoop system. This is big security issue. What we can do with this?