Understanding the Kerberos Architecture
Before we start configuring Kerberos in a Hadoop environment, we need to get a good
understanding of Kerberos and its workings. The following diagram describes the various
system components in the Kerberos environment:
Every Kerberos environment will have a Key Distribution Center (KDC), which is
responsible for managing the credentials of users and services in the network. The KDC is the
centrally located credential store used by Kerberos to authenticate clients.
An example of a client would be any user or software service trying to access the network.
As you can see in the preceding diagram, the KDC is made up of three components:
Authentication Service: This component is responsible for all authentication-related operations
Database: This component stores the secret keys of all the users and services on the network
Ticket Granting Server: This component is responsible for granting the service tickets to users and other services
Using the preceding diagram, let's walk through the entire flow of information during an
authentication in a Kerberos environment. To understand it correctly, let's consider a user
who needs to access the network and subsequently access a file server on the network.
When a user or service is added to the network, the administrator generates a secret
password in the KDC and shares it with the user/service. The secret password is only
exchanged during this initial user/service network configuration.
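
The key relationships described above, as an added example that is not from the original text: a Python model of the KDC's three components, in which the password is used only at provisioning and never appears in a later request. It goes beyond the passage by including the ticket exchange itself; the toy HMAC-based seal/unseal functions stand in for real Kerberos encryption types, and every name here (KDC, seal, login_and_get_ticket, the PBKDF2 key derivation) is an assumption of this example.

```python
import hashlib, hmac, json, os

def derive_key(password, principal):
    # Long-term key from the provisioned password (PBKDF2 is this example's choice)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC, standing in for a real Kerberos encryption type
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, b"mac" + nonce + ct, "sha256").digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    def __init__(self):
        self.database = {}              # Database: principal -> secret key
        self.tgs_key = os.urandom(32)   # key known only to the Ticket Granting Server
    def add_principal(self, name, password):
        # Initial configuration: the only time the secret password is exchanged
        self.database[name] = derive_key(password, name)
    def authentication_service(self, client):
        # The request names the client; no password or key is sent
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": client, "session": session})
        return seal(self.database[client], {"session": session}), tgt
    def ticket_granting_server(self, tgt, authenticator, service):
        t = unseal(self.tgs_key, tgt)
        skey = bytes.fromhex(t["session"])
        if unseal(skey, authenticator)["client"] != t["client"]:
            raise ValueError("authenticator does not match ticket")
        svc_session = os.urandom(32).hex()
        ticket = seal(self.database[service], {"client": t["client"], "session": svc_session})
        return seal(skey, {"session": svc_session}), ticket

def login_and_get_ticket(kdc, user, password, service):
    reply, tgt = kdc.authentication_service(user)
    session = bytes.fromhex(unseal(derive_key(password, user), reply)["session"])
    _, ticket = kdc.ticket_granting_server(tgt, seal(session, {"client": user}), service)
    return ticket
```

A client that does not hold the provisioned password cannot open the Authentication Service reply, so it never obtains the session key needed to ask the Ticket Granting Server for a service ticket.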