Twitter faced challenges in kerberizing their Hadoop clusters, but they were able to enforce strong Authentication, Authorization, and Accountability for Hadoop data access by making code changes, developing keytab generation and distribution services, and implementing delegation token renewal. They took a multi-pronged approach to kerberizing their clusters one at a time, with minimal disruption to customer use cases.
Table of contents
AuthorsBackgroundKerberization Building BlocksConstraints for Kerberizing Hadoop @ TwitterStrategies ConsideredSolutionAuto-login from keytabDelegation Tokens and cross cluster jobsSort: