Now that the CDH5 cluster from the earlier topics is ready to store and process large data sets, the next concern in a production environment is securing both the data and the services. An administrator should know the tools that restrict the cluster to authenticated users and let them reach only the services and data they are permitted to use. We will set up Kerberos to provide authentication for users and cluster services. Kerberos is built on symmetric-key encryption and a trusted third party, the Key Distribution Center (KDC), which has the following parts.
- AS – Authentication Server – handles a user's login request
  - Holds a database of secret keys
- TGS – Ticket Granting Server – sets up the secure channel for communication
  - Hands out tickets that authorize the user to a server
- Ticket – an encrypted data structure naming a user and the service that user is allowed to use, together with a validity time and control information
- Database – stores the secret keys of all users and services on the network
A client obtains a service in three steps:
- Client A authenticates itself to the Authentication Server
- Client A then contacts the TGS to get a service ticket
- Client A presents this ticket to the Service Server to receive the approved service
Features of Kerberos
- Kerberos plugs into any suite of applications without major modifications.
- Kerberos was carefully designed to withstand attacks in a distributed environment.
- No password is sent over the network.
- Exchanges are cryptographically protected.
- Each ticket is issued for a limited period of time. The ticket carries a timestamp from which the receiving server determines whether the ticket is still valid.
- Kerberos requires reliable access to a universal clock. Each user request to a server is stamped with the time of the request, which is compared with the server's current time; the request is accepted only if the two are reasonably close.
Drawbacks of Kerberos
- Single point of failure – Kerberos keeps all its authentication-related information in one place rather than distributing it across the network.
- Requires the clocks of all involved hosts to be synchronized.
- The administration protocol is not standardized.
- Compromise of the central server compromises the secret keys of all users. A stolen TGT can be used to access network services as the user it was issued to.
Abbreviations
- AS – Authentication Server
- KDC – Key Distribution Center
- TGS – Ticket Granting Server
- SS – Service Server
- TGT – Ticket Granting Ticket
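The three-step flow listed under the KDC parts and the ticket-lifetime and clock rules in the feature list, worked through as an added Python example; this is not code from the original page, from Cloudera or from MIT Kerberos. The realm MYITVERSITY.COM and the host cdhnew0 come from the page; the user alice, the passwords, the clock value and the encryption routine are constructed for the example. The encryption is a toy SHA-256/HMAC construction standing in for the real Kerberos enctypes so that the block runs with the standard library only; the message layout (TGT sealed under the TGS key, session key sealed under the client's key, authenticator sealed under the session key) follows the protocol, and the two checks a server performs, ticket validity window and authenticator timestamp against its own clock, are the ones the feature list describes.

```python
"""Toy walk-through of the Kerberos AS -> TGS -> service exchange (constructed example)."""
import hashlib
import hmac
import json
import os

CLOCK_SKEW = 300         # tolerated clock drift in seconds (MIT's default is 5 minutes)
TICKET_LIFETIME = 36000  # ticket validity in seconds (10 hours, a common default)

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key, obj):
    """Toy stand-in for a Kerberos enctype: SHA-256 keystream plus an HMAC tag (not for real use)."""
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def key_from_password(password):
    return hashlib.sha256(password.encode()).digest()   # toy string-to-key for the example

def check_ticket(tkt, now):
    """A server accepts a ticket only inside its validity window (plus tolerated skew)."""
    if now > tkt["end"] + CLOCK_SKEW:
        raise PermissionError("ticket expired")

def check_authenticator(auth, expected_client, now):
    """The authenticator proves the sender holds the session key and was built just now."""
    if auth["client"] != expected_client:
        raise PermissionError("authenticator does not match ticket")
    if abs(now - auth["timestamp"]) > CLOCK_SKEW:
        raise PermissionError("clock skew too great")

def make_authenticator(session_hex, client, client_now):
    return encrypt(bytes.fromhex(session_hex), {"client": client, "timestamp": client_now})

class KDC:
    """Holds the AS and TGS roles plus the database of long-term keys."""
    def __init__(self, realm, database, clock):
        self.db, self.clock = database, clock
        self.tgs_key = database[f"krbtgt/{realm}@{realm}"]

    def as_exchange(self, client):
        # AS reply: TGT sealed under the TGS key, session key sealed under the client's
        # long-term key. No password crosses the wire; only its holder can open the reply.
        now, session = self.clock(), os.urandom(32).hex()
        tgt = encrypt(self.tgs_key, {"client": client, "session": session,
                                     "start": now, "end": now + TICKET_LIFETIME})
        return tgt, encrypt(self.db[client], {"session": session})

    def tgs_exchange(self, tgt, authenticator, service):
        # TGS reply: validate TGT and authenticator, then issue a ticket for `service`.
        now, tkt = self.clock(), decrypt(self.tgs_key, tgt)
        check_ticket(tkt, now)
        check_authenticator(decrypt(bytes.fromhex(tkt["session"]), authenticator), tkt["client"], now)
        svc_session = os.urandom(32).hex()
        ticket = encrypt(self.db[service], {"client": tkt["client"], "session": svc_session,
                                            "start": now, "end": min(tkt["end"], now + TICKET_LIFETIME)})
        return ticket, encrypt(bytes.fromhex(tkt["session"]), {"session": svc_session})

def service_accept(service_key, ticket, authenticator, now):
    """Service Server side: open the ticket with its own key, return the authenticated client."""
    tkt = decrypt(service_key, ticket)
    check_ticket(tkt, now)
    check_authenticator(decrypt(bytes.fromhex(tkt["session"]), authenticator), tkt["client"], now)
    return tkt["client"]

def demo(skew=0.0, elapsed=0.0):
    """Run alice through all three steps; `skew` is her clock error, `elapsed` the wait before use."""
    realm, clock = "MYITVERSITY.COM", {"t": 1_700_000_000.0}             # constructed KDC clock
    db = {f"alice@{realm}": key_from_password("alice-pw"),                # constructed secrets
          f"hdfs/cdhnew0@{realm}": key_from_password("hdfs-keytab-secret"),
          f"krbtgt/{realm}@{realm}": key_from_password("kdc-master-secret")}
    kdc, client, service = KDC(realm, db, lambda: clock["t"]), f"alice@{realm}", f"hdfs/cdhnew0@{realm}"
    tgt, rep = kdc.as_exchange(client)                                    # 1. AS exchange
    tgt_session = decrypt(key_from_password("alice-pw"), rep)["session"]  # client derives key locally
    auth = make_authenticator(tgt_session, client, clock["t"] + skew)
    ticket, rep2 = kdc.tgs_exchange(tgt, auth, service)                   # 2. TGS exchange
    svc_session = decrypt(bytes.fromhex(tgt_session), rep2)["session"]
    clock["t"] += elapsed
    auth2 = make_authenticator(svc_session, client, clock["t"] + skew)
    return service_accept(db[service], ticket, auth2, clock["t"])         # 3. exchange with the SS

def outcome(**kw):
    """Accepted principal name, or the reason the exchange was refused."""
    try:
        return demo(**kw)
    except PermissionError as e:
        return f"rejected: {e}"
```

Calling `outcome()` returns the accepted principal; `outcome(skew=600.0)` is refused at the TGS because the authenticator timestamp is further than CLOCK_SKEW from the KDC's clock, and `outcome(elapsed=40000.0)` is refused at the service because the ticket's end time has passed. The same skew (for example 200 seconds) inside the tolerance is accepted, which is why clock synchronization on every cluster host is listed as a requirement.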
Terms related to Kerberos
- Realm – the network domain for which authentication is performed, e.g. MYITVERSITY.COM
- Principal – a user, service or server that is part of the environment and has an entry in the KDC database. A principal has the following three parts:
  - Primary – the user name, or the service name for a service principal
  - Instance – qualifies the primary further, e.g. admin for an administrative user or the host name for a service running on that host
  - Realm – the authentication domain the principal belongs to
  - E.g.: hdfs/cdhnew0@MYITVERSITY.COM -> primary/instance@realm
- Keys – the keys of all principals are held in one central, shared location, the KDC, which uses them to encrypt and decrypt tickets for authentication.
- Keytab – a file holding the keys of one or more service principals. A service authenticates with the key stored in its keytab, which is a shared secret that also exists in the KDC database.
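The principal format and the keytab/KDC shared-secret relationship described above, as an added Python example that is not part of the original page. It parses primary/instance@REALM names (with backslash escapes and a default realm for bare names), builds the salt that MIT Kerberos uses by default for AES enctypes (realm followed by the name components, with no separators; that layout is this example's assumption about MIT's default), derives a key with a simplified string-to-key, and then flags keytab entries whose key or key version number (kvno) no longer matches the KDC database. Only hdfs/cdhnew0@MYITVERSITY.COM comes from the page; the yarn principal, the passwords and the kvno values are constructed.

```python
"""Principal names, their default salt, and keytab-vs-KDC key checks (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    primary: str
    instance: str   # empty for a plain user principal such as alice@REALM
    realm: str

    def __str__(self):
        name = f"{self.primary}/{self.instance}" if self.instance else self.primary
        return f"{name}@{self.realm}"

def parse_principal(text, default_realm=None):
    """Split 'primary/instance@REALM' into its parts; a backslash escapes '/', '@' or '\\'.
    Only the primary/instance form described on the page is accepted (at most two components)."""
    components, buf, realm, i = [], [], None, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):        # escaped character: take it literally
            buf.append(text[i + 1]); i += 2; continue
        if c == "@":                                # first unescaped '@' starts the realm
            realm = text[i + 1:]
            break
        if c == "/":
            components.append("".join(buf)); buf = []
        else:
            buf.append(c)
        i += 1
    components.append("".join(buf))
    realm = realm if realm is not None else default_realm
    if not realm:
        raise ValueError("principal has no realm and no default realm was given")
    if len(components) > 2 or not all(components):
        raise ValueError(f"unsupported or empty component in {text!r}")
    return Principal(components[0], components[1] if len(components) == 2 else "", realm)

def default_salt(p):
    """Assumed MIT default salt for AES enctypes: realm then name components, no separators."""
    return p.realm + p.primary + p.instance

def string_to_key(password, salt, iterations=4096, length=32):
    """Simplified string-to-key: PBKDF2-HMAC-SHA1 over password and salt. The real
    aes256-cts-hmac-sha1-96 enctype applies a further key-derivation step to this output."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), iterations, length)

def stale_entries(keytab, kdc):
    """Keytab principals whose (kvno, key) no longer matches the KDC database: the usual
    reason a service stops authenticating after its key was changed in the KDC."""
    stale = []
    for name, (kvno, key) in sorted(keytab.items()):
        entry = kdc.get(name)
        if entry is None or entry[0] != kvno or not hmac.compare_digest(entry[1], key):
            stale.append(name)
    return stale

def demo(realm="MYITVERSITY.COM"):
    """Build a constructed KDC database and keytab for two host services, rotate one service
    key in the KDC without regenerating the keytab, and report which entry went stale."""
    kdc, keytab = {}, {}
    for name, password in [("hdfs/cdhnew0", "hdfs-secret-1"), ("yarn/cdhnew0", "yarn-secret-1")]:
        p = parse_principal(name, default_realm=realm)
        kdc[str(p)] = keytab[str(p)] = (1, string_to_key(password, default_salt(p)))  # kvno 1
    p = parse_principal("yarn/cdhnew0", default_realm=realm)
    kdc[str(p)] = (2, string_to_key("yarn-secret-2", default_salt(p)))  # key changed, kvno bumped
    return stale_entries(keytab, kdc)
```

Because the salt includes the realm and the instance, the same password yields a different key for hdfs/cdhnew0 than for the same service on another host, and a keytab copied between hosts will not match the KDC; `demo()` shows the other common mismatch, a key rotated in the KDC while the keytab still carries the old kvno.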