The Kerberos mode

User authentication and authorization is weak in the simple mode. The data transfers and RPCs from the clients to the NameNode and DataNode are not encrypted. The Kerberos mode introduced in the Hadoop ecosystem provides a secure Hadoop environment.

The Kerberos service comprises of a client-server architecture that provides secure transactions over networks. The service offers strong user authentication, as well as integrity and privacy. The authentication verifies the identities of the sender and the receiver in a network transaction. The service also checks for data integrity and encrypts the data during transmission.

Using the Kerberos service, you can log on to other machines, execute commands, exchange data, and transfer files securely. Additionally, Kerberos provides authorization services that allow administrators to restrict access to services and machines.

Client, KDC and Server interaction under Kerberos.

So, in the Kerberos mode, only authorized users can access services, thereby preventing an unauthorized access to services. The Kerberos mode also encrypts the data during transmission to avoid data exposure.

To enable Kerberos, configure the core-site.xml as follows: (the default is “simple”)