Kerberos Is A Way of Authenticating Users That Was Developed at MIT
Principals are divided into two categories, viz. user principals and service
principals.
User principal names (UPN) are used to refer to users; these users are similar
to users in an operating system.
The Kerberos database, the authentication service (AS) and the ticket granting
service (TGS) together form the KDC.
The AS grants tickets when clients make a request to it. The
TGS validates tickets and issues service tickets.
1. The first step is to create a key distribution center (KDC) for the Hadoop
cluster. It is advisable to use a KDC that is separate from any other
existing KDC.
2. The second step is to create service principals for each of the Hadoop
services, for example mapreduce, yarn and hdfs.
3. The third step is to create encrypted Kerberos keys (keytabs) for each
service principal.
4. The fourth step is to distribute keytabs for service principals to each of
the cluster nodes.
5. The last step is configuring all services to rely on Kerberos
authentication.
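
Steps 2 to 4 as an added example (not part of the original page): a dry-run shell function that prints the MIT `kadmin.local` commands for one principal and one keytab per service per host, so the plan can be reviewed before it is run on the KDC. The realm, host names, keytab directory, the `mapred` short name for the mapreduce service and the fully-qualified-host check are assumptions.

```shell
#!/bin/sh
# Added example: prints commands only, it does not touch a KDC.
# Assumed values (not from the page): realm, hosts, keytab directory,
# and "mapred" as the short principal name for the mapreduce service.
SERVICES="hdfs yarn mapred"

# spn SERVICE HOST REALM -> service/host@REALM (service principal form)
spn() { printf '%s/%s@%s\n' "$1" "$2" "$3"; }

# kdc_plan REALM KEYTAB_DIR HOST... : emit the commands for steps 2-4
kdc_plan() {
    realm=$1; ktdir=$2; shift 2
    for host in "$@"; do
        case $host in
            *.*) ;;  # fully qualified name, accepted
            *)  # a short name would not match what the service presents
                echo "refusing short host name: $host" >&2; return 1 ;;
        esac
        # Staging directory readable only by the operator
        echo "mkdir -p -m 0700 $ktdir/$host"
        for svc in $SERVICES; do
            p=$(spn "$svc" "$host" "$realm")
            kt="$ktdir/$host/$svc.service.keytab"
            # Step 2: principal with a random key, so no password exists
            echo "kadmin.local -q \"addprinc -randkey $p\""
            # Step 3: export that key into a per-host, per-service keytab
            echo "kadmin.local -q \"ktadd -k $kt $p\""
            # Step 4 prerequisite: a keytab is a credential, owner-read only
            echo "chmod 0400 $kt"
        done
    done
}

# Constructed sample input: one realm, two cluster nodes
kdc_plan EXAMPLE.COM /etc/security/keytabs nn1.example.com dn1.example.com
```

`ktadd` generates new random keys each time it runs, so re-exporting a principal invalidates any keytab already distributed for it.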