Chapter X: Building a Hadoop Cluster
10.4 Security
- Earlier versions of Hadoop could not prevent a malicious user from impersonating root to access or delete data in the cluster.
- Hadoop lacked a secure authentication mechanism to ensure that a user operating on the cluster is who they claim to be.
- Kerberos (a mature open source network authentication protocol) is used to implement user authentication. Kerberos is responsible for verifying that the account logging in is who it claims to be; Hadoop decides how much authority that user ultimately has.
10.4.1 Kerberos and Hadoop
- When using Kerberos, the client goes through three steps to get a service:
  - Authentication: the client obtains a ticket, valid for 10 hours or longer. (This step requires the user to enter the username / password.)
  - Authorization
  - Service request
10.4.2 Delegation Tokens
- The first time a client accesses a server it must authenticate with Kerberos. Once authenticated, it can obtain a unique delegation token issued by the corresponding namenode, and subsequent calls present the delegation token instead.
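
A model of the delegation-token flow described above, as an added example that is not Hadoop's own code. The class and method names, the token layout (owner, sequence number, expiry) and the HMAC-SHA256 authenticator are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time


class NameNodeModel:
    """Model of a namenode issuing and checking delegation tokens."""

    def __init__(self, lifetime_s=3600):
        self._master_key = os.urandom(32)  # secret held only by the namenode
        self._seq = 0
        self._lifetime_s = lifetime_s

    def _sign(self, token_id):
        return hmac.new(self._master_key, token_id, hashlib.sha256).digest()

    def issue_token(self, kerberos_authenticated, owner, now=None):
        if not kerberos_authenticated:
            raise PermissionError("Kerberos authentication required first")
        now = time.time() if now is None else now
        self._seq += 1  # sequence number makes each token unique
        token_id = f"{owner}|{self._seq}|{int(now) + self._lifetime_s}".encode()
        return token_id, self._sign(token_id)

    def verify_token(self, token_id, authenticator, now=None):
        now = time.time() if now is None else now
        # Constant-time comparison; check integrity before parsing fields.
        if not hmac.compare_digest(self._sign(token_id), authenticator):
            raise PermissionError("bad token authenticator")
        owner, _seq, expires = token_id.decode().rsplit("|", 2)
        if now > int(expires):
            raise PermissionError("token expired")
        return owner


def demo():
    nn = NameNodeModel(lifetime_s=60)
    tid, auth = nn.issue_token(True, "alice", now=1000)  # constructed sample
    cases = {"valid": (tid, auth, 1010),
             "tampered": (tid.replace(b"alice", b"admin"), auth, 1010),
             "expired": (tid, auth, 2000)}
    out = {}
    for label, args in cases.items():
        try:
            out[label] = nn.verify_token(*args)
        except PermissionError as exc:
            out[label] = f"rejected: {exc}"
    return out
```

In this model the client never holds the master key: it presents the identifier and authenticator, and only the namenode can recompute the authenticator to check them.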
10.4.3 Other Security Improvements