Geek asks and answers

Hadoop Security

Scenario: - User logs on to his computer gets authenticated by Kerberos Authentication and submits a map reduce job

I'm trying to find out how Kerberos can be implemented in Hadoop? I went through this document https://issues.apache.org/jira/browse/HADOOP-4487 I also used the basic Kerberos material ( https://www.youtube.com/watch?v=KD2Q-2ToloE )

, . : - , Kerberos Authentication (, , 5 ) , () ( 1 19) DT ( ) BAT ( ) JT ( )

1,2,3 4 : - TGT ( ) Node. 1) KDC? , node ?

5,6,7,8 9 : - , node, . node () ( Track Job)

Question2) Job Tracker. ?

10, 11, 12, 13 14 : Job tracker, KDC Job Tracker ACK JobTracker + JobTracker.

15, 16 17 : - . blockID Job Tracker TaskTracker

3) BlockAccessToken node? JobTracker TaskTracker

, 18 . 19 : Job tracker Job Token ( ) TaskTrackers.

Question4) , , ? , ( ).

, , - , - .

+6
2

, Hadoop

  • Kerberos , . yum install krb5-server yum install krb5- yum install krb5-libs

  • KDC, acl , admin keybab . /var/kerberos/krb 5kdc/kdc.conf

  • /etc/krb 5.conf, kdc

  • KDC

    $kdb5_util create -r _ -s

  • ACL

    • vi/etc/kdamin.acl
    • admin main 'admin/admin @host_name

  • $ addprinc admin/admin @host_name

Kerberos

yum install krb5-workstation

krb5.conf

Hadoop, https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html

:

  • node, .
  • "kinit -k -t/location/of/keytab _ @host_name"
  • HDFS mapreduce .

, , kerberos.

0

More articles:


All Articles