Updated on 2022-02-22 GMT+08:00

Introduction to Mutual Trust Relationships Between Clusters

Function Description

By default, users of big data clusters in safe mode can only access resources in the cluster. In other clusters, they cannot perform identity authentication to access resources in safe mode.

Features

  • Domain

    The usage range of users in each system is called a domain. Each Manager system must have a unique domain name. Cross-Manager access means users to be used across domains.

  • User Encryption

    Cross-Manager mutual trust relationships can be configured by using FusionInsight Manager. The current Kerberos server supports only aes256-cts-hmac-sha1-96:normal and aes128-cts-hmac-sha1-96:normal. Encryption types for encrypting cross-domain users cannot be changed.

  • User Authentication

    After cross-manager mutual trust is configured, if a user with the same name exists in the two systems and the user with the same name in the peer system has the permission to access a resource in the system, the current system user can access the remote resource.

  • Direct Mutual Trust

    When cross-cluster mutual trust relationships are built between two clusters, the system saves the mutual-trust receipts. Users can access the remote system through the mutual-trust receipts.