KrbServer and LdapServer Enhanced Open Source Features
Service Authentication in a Cluster
In an MRS cluster that uses the security mode, mutual access between services is implemented based on the Kerberos security architecture. When a service (such as HDFS) in the cluster is to be started, the corresponding sessionkey (keytab, used for identity authentication of the application) is obtained from Kerberos. If another service (such as YARN) needs to access HDFS and add, delete, modify, or query data in HDFS, the corresponding TGT and ST must be obtained for secure access.
Application Development Authentication
MRS components provide application development interfaces for customers or upper-layer service product clusters. During application development, a cluster in security mode provides specified application development authentication interfaces to implement application security authentication and access. For example, the UserGroupInformation class provided in hadoop-common api includes multiple security authentication APIs.
- setConfiguration() is used to obtain related configuration and set parameters such as global variables.
- loginUserFromKeytab(): is used to obtain TGT interfaces.
Cross-System Mutual Trust
MRS provides the mutual trust function between two Managers to implement data read and write operations between systems.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot