On Feb 17, 2010, at 9:57 PM, gs...@tce.edu wrote:
Analyzed that kerberos cab be used for user authentication.when the
user
wants to submit a job he/she can get delegation token followed by
block
access token to access data from HDFS.So the client is overloaded with
initial 2 tickets (kerberos) TGT(Ticket grating Ticket),ST (service
ticket)followed by delegation token and block access token..Is that
right??
When the user logs in to the system, they get a TGT. When they want to
submit a job, they'll get two service tickets (one for the Name Node
and one for the Job Tracker). They will get a delegation token from
the NameNode and include that as part of the job. So in total,
submitting a job should only take those 2 interactions with the
Kerberos KDC.
-- Owen
