
Kerberos is a way of authenticating users/services that was developed at MIT.

Kerberos identity verification is implemented through a client/server model.

An identity that needs to be verified is referred to as a principal.

Principals are divided into two categories, namely user principals and service
principals.

User principal names (UPN) are used to refer to users; these users are similar
to users in an operating system.

Service principal names (SPN) refer to services accessed by a user, such as a
database.

A realm in Kerberos refers to an authentication administrative domain.


Principals are assigned to specific realms in order to demarcate boundaries
and simplify administration.

Information on principals and realms resides in a key distribution center
(KDC).

The Kerberos database, the authentication service (AS) and the ticket granting
service (TGS) form the KDC.

The Kerberos database is the repository of all principals and realms.

The AS grants tickets when clients make a request to it. The TGS validates
tickets and issues service tickets.

To implement Kerberos authentication in Hadoop, several steps are required;
they are listed below.

1. The first step is to create a key distribution center (KDC) for the Hadoop
cluster. It is advisable to use a KDC that is separate from any other
existing KDC.
2. The second step is to create service principals for each of the Hadoop
services, for example mapreduce, yarn and hdfs.
3. The third step is to create encrypted Kerberos keys (keytabs) for each
service principal.
4. The fourth step is to distribute keytabs for service principals to each of
the cluster nodes.
5. The last step is configuring all services to rely on Kerberos
authentication.
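
The script below is an added example, not part of the original notes: it prints, without executing, the MIT Kerberos kadmin.local commands and the copy commands for steps 2 to 4. The realm, host names, keytab directory, the "mapred" primary, the "hadoop" group and the service account names are assumed sample values.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for steps 2-4.
# Assumed sample values, not from the notes: realm, hosts, keytab directory,
# the "mapred" primary for MapReduce, the "hadoop" group, and local service
# accounts named after each primary.
REALM="HADOOP.EXAMPLE.COM"
KEYTAB_DIR="/etc/security/keytabs"
SERVICES="hdfs yarn mapred"
HOSTS="nn1.example.com dn1.example.com"

# A service principal has the form primary/instance@REALM; for Hadoop daemons
# the instance is the fully qualified host name the daemon runs on.
principal() {
    printf '%s/%s@%s\n' "$1" "$2" "$REALM"
}

# Steps 2 and 3, run on the KDC: create each principal with a random key
# (no password exists to guess), then export its key to a per-host keytab.
plan_kdc() {
    for host in $HOSTS; do
        for svc in $SERVICES; do
            p=$(principal "$svc" "$host")
            echo "kadmin.local -q \"addprinc -randkey $p\""
            echo "kadmin.local -q \"ktadd -k $host.$svc.keytab $p\""
        done
    done
}

# Step 4: copy each keytab only to the host named in its principal, then make
# it readable by the service account alone. A keytab holds long-term keys, so
# anyone who can read it can authenticate as that service.
plan_distribute() {
    for host in $HOSTS; do
        for svc in $SERVICES; do
            dest="$KEYTAB_DIR/$svc.keytab"
            echo "scp $host.$svc.keytab root@$host:$dest"
            echo "ssh root@$host \"chown $svc:hadoop $dest && chmod 400 $dest\""
        done
    done
}

plan_kdc
plan_distribute
```

Step 5 is then done in the Hadoop configuration files, for example by setting hadoop.security.authentication to kerberos in core-site.xml and pointing each daemon at its principal and keytab.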
