doc-exports/docs/mrs/umn/admin_guide_000175.html
Yang, Tong 2195db241c MRS UMN 20231220 version update
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2024-05-16 09:40:21 +00:00


<a name="admin_guide_000175"></a>
<h1 class="topictitle1">Overview of Mutual Trust Between Clusters</h1>
<div id="body1529658735916"><div class="section" id="admin_guide_000175__s95643b28b8ac4fe0a368d7055e0b494d"><h4 class="sectiontitle">Function Description</h4><p class="msonormal" id="admin_guide_000175__en-us_topic_0046737081_p62984283">By default, users of a big data cluster in security mode can access resources only in their own cluster. They cannot perform identity authentication or access resources in other clusters in security mode.</p>
</div>
<div class="section" id="admin_guide_000175__sf28bf30503184012b037e4640e836bb9"><h4 class="sectiontitle">Feature Description</h4><ul id="admin_guide_000175__ul134171181109"><li class="msonormal" id="admin_guide_000175__li13417883109"><strong id="admin_guide_000175__b13144334152516">Domain</strong><p class="msonormal" id="admin_guide_000175__p450811951018">The secure usage scope of users in each system is called a domain. Each <span id="admin_guide_000175__text1950618245575">MRS</span> Manager must have a unique domain name. Cross-Manager access allows users to use resources across domains.</p>
</li><li class="msonormal" id="admin_guide_000175__li04171680107"><strong id="admin_guide_000175__b169235484278">User Encryption</strong><p class="msonormal" id="admin_guide_000175__p5109141051011">Mutual trust can be configured across <span id="admin_guide_000175__text99391526165713">MRS</span> Managers. The current Kerberos server supports only the aes256-cts-hmac-sha1-96:normal and aes128-cts-hmac-sha1-96:normal encryption types for encrypting cross-domain users, and the encryption types cannot be changed.</p>
</li><li class="msonormal" id="admin_guide_000175__li1841713841020"><strong id="admin_guide_000175__en-us_topic_0046737081_b16204545">User Authentication</strong><p class="msonormal" id="admin_guide_000175__p9875111151014">After cross-Manager mutual trust is configured, if a user with the same name exists in both systems and the user in the peer system has permission to access a resource in that system, the same-name user in the local system can also access that remote resource.</p>
</li><li class="msonormal" id="admin_guide_000175__li9417587104"><strong id="admin_guide_000175__en-us_topic_0046737081_b1953436">Direct Mutual Trust</strong><p class="msonormal" id="admin_guide_000175__p13321713181012">In two clusters with mutual trust configured, each system saves the mutual trust ticket of the peer system and uses that ticket to access the peer system.</p>
</li></ul>
</div>
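<p class="msonormal">The following is an added example, not part of the MRS documentation or product code. It reviews two clusters before mutual trust is configured: it checks that the domain names differ and lists, for every user name that exists in both systems, the remote resources that user would be able to access under the User Authentication rule above. The inventory layout, domain names, users and resources are constructed for illustration.</p>

```python
# Added example: pre-trust review of two security-mode clusters.
# Assumption: each inventory is a dict with the Manager's domain name and a
# mapping of user name -> resources that user may access in that system.
# How the inventory is exported from a Manager is outside this example.

def audit_mutual_trust(local, peer):
    """Return findings an administrator should review before enabling trust."""
    findings = []

    # Each Manager must have a unique domain name.
    if local["domain"] == peer["domain"]:
        findings.append({"check": "domain-not-unique", "domain": local["domain"]})

    # A user whose name exists in both systems inherits, in the other system,
    # whatever the same-name user there is permitted to access.
    for name in sorted(local["users"].keys() & peer["users"].keys()):
        for src, dst in ((local, peer), (peer, local)):
            gained = sorted(dst["users"][name])
            if gained:
                findings.append({
                    "check": "same-name-access",
                    "user": name,
                    "from": src["domain"],
                    "to": dst["domain"],
                    "resources": gained,
                })
    return findings


# Constructed sample inventories (not real clusters).
CLUSTER_A = {
    "domain": "CLUSTERA.EXAMPLE",
    "users": {
        "etl_job": {"hdfs:/warehouse/a"},
        "analyst1": {"hive:sales_a"},
        "admin_ops": {"hdfs:/"},
    },
}
CLUSTER_B = {
    "domain": "CLUSTERB.EXAMPLE",
    "users": {
        "etl_job": {"hdfs:/warehouse/b", "hive:finance_b"},
        "analyst1": set(),
        "report_bot": {"hive:kpi_b"},
    },
}

if __name__ == "__main__":
    for finding in audit_mutual_trust(CLUSTER_A, CLUSTER_B):
        print(finding)
```

<p class="msonormal">Accounts that appear in the findings but are not meant to be shared across clusters can be renamed, or have their permissions reduced in the peer system, before mutual trust is configured.</p>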
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000174.html">Cluster Mutual Trust Management</a></div>
</div>
</div>