Title :
A token authentication solution for hadoop based on kerberos pre-authentication
Author :
Kai Zheng ; Weihua Jiang
Author_Institution :
Big Data Technol., Intel Corp., Shanghai, China
Abstract :
As broad adoption of Apache Hadoop [20] accelerates authentication and authorization capabilities are a major concern for data access security. To integrate pluggable authentication providers, enhance desirable single sign on for end users, and enforce centralized access control on the platform, Hadoop community has widely discussed and concluded that token based authentication is the appropriate approach [18]. In this paper we discuss an innovation solution about how to implement the token authentication based on the Kerberos pre-authentication framework [4]. We propose a pre-authentication mechanism for Kerberos [1] that allows users to authenticate to Key Distribution Center (KDC) using a standard token, and develop a plugin for MIT Kerberos that can be deployed separately to employ the new mechanism. Based on that, we develop our token authentication solution for the entire Hadoop stack that helps integrate identity management systems and OAuth 2.0 [6] authorization solutions, meanwhile avoiding complication, risk and deployment overhead.
Keywords :
authorisation; data handling; Apache Hadoop; KDC; MIT Kerberos preauthentication; OAuth 2.0 authorization solutions; authorization capabilities; centralized access control; data access security; identity management systems; key distribution center; pluggable authentication providers; token authentication solution; Authentication; Authorization; Ecosystems; Public key; Standards; Authentication; Authorization; Big Data; Hadoop; KDC; Kerberos; OAuth; Pre-Authentication; Security; Ticket; Token;
Conference_Titel :
Data Science and Advanced Analytics (DSAA), 2014 International Conference on
DOI :
10.1109/DSAA.2014.7058096
