The Informatica domain and the Hadoop cluster can use Kerberos authentication to verify user accounts, when the Hadoop cluster supports Kerberos. You can use Kerberos authentication with the domain, with a supported Hadoop cluster, or with both.
Kerberos is a network authentication protocol that uses tickets to authenticate access to services and nodes in a network. Kerberos uses a Key Distribution Center (KDC) to validate the identities of users and services and to grant tickets to authenticated user and service accounts. Users and services are known as principals. The KDC has a database of principals and their associated secret keys that are used as proof of identity. Kerberos can use an LDAP directory service as a principal database.
You can integrate the Informatica domain with a Kerberos-enabled Hadoop cluster whether the domain is Kerberos-enabled or not.
The requirements for Kerberos authentication for the Informatica domain and for the Hadoop cluster:
Kerberos authentication for the Informatica domain
Kerberos authentication for the Informatica domain requires principals stored in a Microsoft Active Directory (AD) LDAP service. If the Informatica domain is Kerberos-enabled, you must use Microsoft AD for the KDC.
Kerberos authentication for the Hadoop cluster
Informatica supports Hadoop clusters that use an AD KDC or an MIT KDC.
When you enable Kerberos for Hadoop, each user and Hadoop service must be authenticated by the KDC. The cluster must authenticate the Data Integration Service user and, optionally, the Blaze user.
For more information about how to configure Kerberos for Hadoop, see the documentation for your Hadoop distribution.
The configuration steps required for the domain to connect to a Hadoop cluster that uses Kerberos authentication depend on whether the domain uses Kerberos.