A dedicated Hadoop Authentication Server to support various authentication mechanisms other than just Kerberos. In its core it leverages a Kerby KDC developed by Apache Kerby, a sub project of Apache Directory.
Assuming existing users are stored in a SQL database (like MySQL), the detailed design and workflow may go like the following:
// Get the login module type ID, used to distinguish this module from others. // Should correspond to the server side module. String getLoginType() // Perform all the client side login logics, the results wrapped in an AuthToken, // will be validated by HAS server. AuthToken login(Conf loginConf) throws HasLoginException
// Get the login module type ID, used to distinguish this module from others. // Should correspond to the client side module. String getLoginType() // Perform all the server side authentication logics, the results wrapped in an AuthToken, // will be used to exchange a Kerberos ticket. AuthToken authenticate(AuthToken userToken) throws HasAuthenException
Please look at REST API for details.
Please look at How to start for details.
Please look at High Availability for details.
Please look at How to setup cross-realm for details.
Big Data Components | Supported | Rebuild Required | Configuring Required |
---|---|---|---|
Hadoop | Yes | Yes | Yes |
Zookeeper | Yes | Yes | Yes |
HBase | Yes | Yes | Yes |
Hive | Yes | No | Yes |
Phoenix | Yes | No | Yes |
Thrift | Yes | No | Yes |
Spark | Yes | No | Yes |
Oozie | Yes | No | Yes |
Presto | Yes (0.148 and later) | No | Yes |
Pig | Yes | No | No |
Sqoop | Yes | No | No |
Please look at Performance test report for details.