Index of cdh6/6.3.2/docs/hadoop-3.0.0-cdh6.3.2/hadoop-auth/

Name	Last Modified	Size
Parent Directory
css/	-	-
images/	-	-
BuildingIt.html	2019-11-12 13:44	23.95KB
Configuration.html	2019-11-12 13:43	46.06KB
dependency-analysis.html	2019-11-12 13:43	21.68KB
Examples.html	2019-11-12 13:42	26.67KB
index.html	2019-11-12 13:44	24.09KB
project-reports.html	2019-11-12 13:45	22.35KB

Name

Last Modified

Size

2019-11-12 13:44

23.95KB

Configuration.html

2019-11-12 13:43

46.06KB

dependency-analysis.html

2019-11-12 13:43

21.68KB

Examples.html

2019-11-12 13:42

26.67KB

index.html

2019-11-12 13:44

24.09KB

project-reports.html

2019-11-12 13:45

22.35KB

Unless otherwise specified herein, downloads of software from this site and its use are governed by the Cloudera Standard License. By downloading or using this software from this site you agree to be bound by the Cloudera Standard License. If you do not wish to be bound by these terms, then do not download or use the software from this site.

Common

HDFS

MapReduce

MapReduce REST APIs

YARN

YARN REST APIs

Hadoop Compatible File Systems

Auth

Tools

Reference

Configuration

Hadoop Auth, Java HTTP SPNEGO

Hadoop Auth is a Java library consisting of a client and a server components to enable Kerberos SPNEGO authentication for HTTP.

Hadoop Auth also supports additional authentication mechanisms on the client and the server side via 2 simple interfaces.

Additionally, it provides a partially implemented derivative of the Kerberos SPNEGO authentication to allow a “mixed” form of authentication where Kerberos SPNEGO is used by non-browsers while an alternate form of authentication (to be implemented by the user) is used for browsers.

License

Hadoop Auth is distributed under Apache License 2.0.

How Does Auth Works?

Hadoop Auth enforces authentication on protected resources, once authentiation has been established it sets a signed HTTP Cookie that contains an authentication token with the user name, user principal, authentication type and expiration time.

Subsequent HTTP client requests presenting the signed HTTP Cookie have access to the protected resources until the HTTP Cookie expires.

The secret used to sign the HTTP Cookie has multiple implementations that provide different behaviors, including a hardcoded secret string, a rolling randomly generated secret, and a rolling randomly generated secret synchronized between multiple servers using ZooKeeper.