The Pitfalls of Hadoop Kerberos
顾亮亮
2015.11.03

Agenda

  • Kerberos Introduction
  • Token Expiration Problem When Hadoop Meets Kerberos
  • How Spark Solves the Problem
  • Hadoop Kerberos Programming API

Kerberos (Baidu Baike)

The name Kerberos comes from Greek mythology: the three-headed dog that guards the gates of the underworld.

Kerberos (Wikipedia)

Kerberos /ˈkərbərəs/ is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Authentication vs. Authorization

  • Authentication

    is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity.

  • Authorization

    is the function of specifying access rights to resources related to information security and computer security in general and to access control in particular.

Authentication is about who somebody is.

Authorisation is about what they're allowed to do.

Step 1: Authentication Service - TGT Delivery

TGT: Ticket Granting Ticket

From: The MIT Kerberos Administrator’s How-to Guide

Step 2: Ticket Granting Service - TGS Delivery

TGS: Ticket Granting Service

Diagrams