The Hadoop framework performed insufficient authentication and authorization of both users and services. This allowed any user to impersonate another user, to receive blocks directly from DataNodes by bypassing the NameNode, and to snoop on data packets sent by DataNodes to clients. The framework did not perform mutual authentication, which allowed a malicious network user to imitate cluster services. This is where Kerberos comes into the picture. Let's look at a simple security flow.
Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by means of secret-key cryptography. Kerberos ensures the highest level of security to network resources. The Kerberos protocol name is based on the three-headed dog figure from Greek mythology known as Kerberos.
Kerberos comprises 3 components: the Key Distribution Center (KDC), the client user, and the server with the desired service to access. The KDC performs 2 service functions:
As shown in the above figure, three exchanges occur when the client accesses a server:
The new Hadoop security design makes use of Delegation Tokens, Job Tokens and Block Access Tokens in Kerberos. Each of these tokens is similar in structure.
Instead of the client sending its password to the application server, the client requests a ticket from the authentication server, and the ticket, along with the encrypted request, is sent to the application server. Now, how can tickets be requested without repeatedly sending credentials? This is done through the Ticket Granting Ticket (TGT).
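The ticket flow described above, simulated end to end as an added example (not code from the original article, Hadoop or any Kerberos implementation): the password never crosses the wire, and the TGT stands in for credentials when a service ticket is requested. The principals, passwords, function names and the SHA-256 based toy cipher are constructed for illustration; real Kerberos uses standardized encryption types, and the service key is read from the KDC's dictionary here only for brevity.

```python
import hashlib, hmac, json, os, time

def keystream(key, nonce, n):  # SHA-256 counter keystream: toy cipher, constructed for this demo
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))[:n]

def seal(key, obj):  # encrypt-then-MAC; stands in for Kerberos' real encryption types
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def long_term_key(principal, password):  # derived from the password, which is never sent
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

KDC_DB = {p: long_term_key(p, pw) for p, pw in [  # constructed principals and passwords
    ("alice", "alice-pw"), ("krbtgt", "tgs-secret"), ("hdfs/namenode", "nn-secret")]}

def issue(client, target, reply_key):  # session key for the client + ticket only `target` can open
    sk = os.urandom(32).hex()
    ticket = seal(KDC_DB[target], {"client": client, "sk": sk, "exp": time.time() + 300})
    return seal(reply_key, {"sk": sk}), ticket

def check_ticket(ticket_key, ticket, authenticator):
    """Open a ticket, then require proof that the sender holds its session key."""
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["client"] != t["client"] or t["exp"] < time.time():
        raise ValueError("authenticator mismatch or expired ticket")
    return t

def as_exchange(client):  # exchange 1: returns the TGT; reply readable only with the client's key
    return issue(client, "krbtgt", KDC_DB[client])

def tgs_exchange(tgt, authenticator, service):  # exchange 2: the TGT replaces credentials
    t = check_ticket(KDC_DB["krbtgt"], tgt, authenticator)
    return issue(t["client"], service, bytes.fromhex(t["sk"]))

def login_and_access(user, password, service):
    reply, tgt = as_exchange(user)
    tgt_sk = bytes.fromhex(unseal(long_term_key(user, password), reply)["sk"])
    auth = lambda k: seal(k, {"client": user, "ts": time.time()})
    reply2, ticket = tgs_exchange(tgt, auth(tgt_sk), service)
    svc_sk = bytes.fromhex(unseal(tgt_sk, reply2)["sk"])
    return check_ticket(KDC_DB[service], ticket, auth(svc_sk))["client"]  # exchange 3
```

A wrong password fails at the client when it tries to open the KDC's reply, and a modified ticket fails the integrity check at whichever party opens it.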