You can now enable authentication with Kerberos and fine-grained EMRFS authorization for Amazon S3 access on your Amazon EMR clusters. You can use Kerberos to authenticate requests between services running on your cluster, user actions on your cluster, and external client requests from remote services. Amazon EMR will create a MIT KDC on the master node of your cluster, and utilize the open-source Kerberos authentication settings for certain application components on your cluster. Additionally, you can easily enable a cross-realm trust with a Microsoft Active Directory to seamlessly allow users in the directory to authenticate using Kerberos to access and run workloads on a cluster.