hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen O'Malley <omal...@apache.org>
Subject Re: Hadoop Security
Date Sun, 21 Feb 2010 22:01:58 GMT

On Feb 17, 2010, at 9:57 PM, gscse@tce.edu wrote:

>  Analyzed that kerberos cab be used for user authentication.when the  
> user
> wants to submit a job he/she can get delegation token followed by  
> block
> access token to access data from HDFS.So the client is overloaded with
> initial 2 tickets (kerberos) TGT(Ticket grating Ticket),ST (service
> ticket)followed by delegation token and block access token..Is that  
> right??

When the user logs in to the system, they get a TGT. When they want to  
submit a job, they'll get two service tickets (one for the Name Node  
and one for the Job Tracker). They will get a delegation token from  
the NameNode and include that as part of the job. So in total,  
submitting a job should only take those 2 interactions with the  
Kerberos KDC.

-- Owen

View raw message