I am trying to enable Hadoop security in a Windows environment with Active Directory. The machines running Hadoop are in domain A and Kerberos users/principals are in domain B. Trust is enabled between domain A and domain B (I am able to log in to machines in domain A using accounts in domain B). A few questions about this:
1. Do I need to run the Hadoop services under the user account (domain B) or can I run them as a machine local account such as Local System?
2. If I run them as Local System, how does the preauthentication to the KDC take place? Is there a way to configure the credentials to use for KDC preauthentication?