CN104363095A - Method for establishing hadoop identity authentication mechanism - Google Patents
Method for establishing hadoop identity authentication mechanism Download PDFInfo
- Publication number
- CN104363095A CN104363095A CN201410645216.3A CN201410645216A CN104363095A CN 104363095 A CN104363095 A CN 104363095A CN 201410645216 A CN201410645216 A CN 201410645216A CN 104363095 A CN104363095 A CN 104363095A
- Authority
- CN
- China
- Prior art keywords
- hadoop
- principal
- hdfs
- mapred
- keytab
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000007246 mechanism Effects 0.000 title claims abstract description 16
- 238000000034 method Methods 0.000 title abstract description 7
- 238000010276 construction Methods 0.000 claims description 7
- 238000012360 testing method Methods 0.000 description 24
- 230000008859 change Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
Description
技术领域technical field
本发明涉及身份认证领域,尤其涉及一种hadoop的身份认证机制构建方法。The invention relates to the field of identity authentication, in particular to a method for constructing an identity authentication mechanism of hadoop.
背景技术Background technique
大数据时代为hadoop提供了诸多机会。hadoop凭借其在海量数据的良好扩展性、高效的读写以及处理能力,受到了重视。然而,在众多机遇的背后,hadoop也面临着很多挑战。如何保证hadoop的安全性自然就成了一个绕不开的话题,没有访问控制,存储其中的数据可以被随意访问甚至执行删改等误操作,会造成很多潜在的风险。因此,hadoop的访问控制,就成为了一个很重要的需求。The era of big data provides many opportunities for Hadoop. Hadoop has been valued for its good scalability in massive data, efficient reading and writing and processing capabilities. However, behind many opportunities, Hadoop also faces many challenges. How to ensure the security of Hadoop has naturally become an unavoidable topic. Without access control, the data stored in it can be accessed at will or even perform misoperations such as deletion and modification, which will cause many potential risks. Therefore, Hadoop access control has become a very important requirement.
在不含身份认证的hadoop环境中,用户与hadoop分布式文件系统(HDFS)或者M/R进行交互时并不需要进行验证,恶意用户可以伪装成真正的用户或者服务器入侵hadoop集群,恶意提交mapreduce作业,更改JobTracker状态,修改HDFS上的数据等。In a Hadoop environment without authentication, authentication is not required when users interact with Hadoop Distributed File System (HDFS) or M/R. Malicious users can pretend to be real users or servers to invade Hadoop clusters and submit mapreduce maliciously. Jobs, changing JobTracker status, modifying data on HDFS, etc.
目前HDFS增加了文件和目录的权限认证,但是这些只能对偶然的数据丢失起保护作用。恶意用户可以轻易的伪装成其他用户来修改权限,致使权限设置形同虚设,不能够对hadoop集群起到安全保障。At present, HDFS has added permission authentication for files and directories, but these can only protect against accidental data loss. Malicious users can easily pretend to be other users to modify permissions, resulting in the use of permission settings, which cannot guarantee the security of hadoop clusters.
Kerberos协议主要用于计算机网络的身份鉴别(Authentication),其特点是用户只需输入一次身份验证信息就可以凭借此验证获得的票据(ticket-grantingticket)访问多个服务,即SSO(Single Sign On)。由于在每个Client和Service之间建立了共享密钥,使得该协议具有相当的安全性。The Kerberos protocol is mainly used for computer network authentication (Authentication). Its characteristic is that the user can access multiple services with the ticket (ticket-granting ticket) obtained by this verification only by entering the identity verification information once, that is, SSO (Single Sign On) . Since a shared key is established between each Client and Service, the protocol has considerable security.
发明内容Contents of the invention
本发明提供一种hadoop的身份认证机制构建方法,用来解决现有技术中hadoop访问控制不安全,集群节点可能被冒充的问题。The invention provides a hadoop identity authentication mechanism construction method, which is used to solve the problems in the prior art that the hadoop access control is not safe and cluster nodes may be impersonated.
为了解决上述技术问题,本发明提供一种hadoop的身份认证机制构建方法,包括以下步骤:构建密钥分配中心(KDC)服务器;分别为hadoop集群内所有节点创建hdfs principal、mapred principal及HTTP principal;创建包含hdfs principal和HTTP principal的hdfs.keytab文件;创建包含mapred principal和HTTP principal的mapred.keytab文件。In order to solve the above-mentioned technical problems, the present invention provides a kind of identity authentication mechanism construction method of hadoop, comprising the following steps: build key distribution center (KDC) server; Create hdfs principal, mapred principal and HTTP principal for all nodes in hadoop cluster respectively; Create a hdfs.keytab file containing hdfs principal and HTTP principal; create a mapred.keytab file containing mapred principal and HTTP principal.
进一步地,所述hadoop的身份认证机制是通过kerberos协议完成的。Further, the hadoop authentication mechanism is implemented through the kerberos protocol.
进一步地,所述hadoop的身份认证机制构建方法,还包括以下步骤:使用合并后的hdfs.keytab文件和mapred.keytab文件获取证书,并部署hdfs.keytab文件和mapred.keytab文件,以使hdfs和mapred用户可以访问。Further, the hadoop identity authentication mechanism construction method also includes the following steps: use the merged hdfs.keytab file and mapred.keytab file to obtain a certificate, and deploy the hdfs.keytab file and mapred.keytab file, so that hdfs and mapred user can access.
本发明所提供的hadoop的身份认证机制构建方法为hadoop集群提供了基于kerberos协议的可靠、高效且操作简单的身份认证机制,确保恶意用户无法伪装成真正的用户或者服务器入侵hadoop集群,提交mapreduce作业,更改JobTracker状态,修改HDFS上的数据等恶意操作,极大地确保了hadoop集群的可靠安全性。The hadoop identity authentication mechanism construction method provided by the present invention provides a reliable, efficient and easy-to-operate identity authentication mechanism based on the kerberos protocol for the hadoop cluster, ensuring that malicious users cannot pretend to be real users or servers invade the hadoop cluster and submit mapreduce jobs , Changing the JobTracker status, modifying data on HDFS and other malicious operations greatly ensure the reliability and security of the hadoop cluster.
附图说明Description of drawings
图1所示为根据本发明较佳实施例提供的hadoop的身份认证机制构建方法的流程图。FIG. 1 is a flow chart of a method for constructing an identity authentication mechanism of hadoop provided according to a preferred embodiment of the present invention.
具体实施方式Detailed ways
下面结合附图及具体实施例方式对本发明作进一步详细描述。The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.
以如下的现有环境为例进行说明:一个可用的系统包yum源(本地、网络均可);一个可用的三个节点的hadoop集群环境,且三个节点的主机名分别为:node01.test.com、node02.test.com、node03.test.com。Take the following existing environment as an example: an available system package yum source (both local and network); an available three-node hadoop cluster environment, and the host names of the three nodes are: node01.test .com, node02.test.com, node03.test.com.
如图1所示,具体步骤描述如下。As shown in Figure 1, the specific steps are described as follows.
于步骤S1,安装kerberos服务所需的安装包,并修改相关配置文件,构建密钥分配中心(KDC)服务器。具体而言,所有节点安装krb5-workstation、krb5-workstation及其依赖包,KDC节点另外安装krb5-server。In step S1, the installation package required by the kerberos service is installed, and related configuration files are modified to build a key distribution center (KDC) server. Specifically, all nodes install krb5-workstation, krb5-workstation and their dependent packages, and KDC nodes also install krb5-server.
于步骤S2,创建新的principal数据库为hadoop集群使用。其中,principal表示参加kerberos认证的基本实体(例如,客户端或服务器端)。In step S2, a new principal database is created for use by the hadoop cluster. Wherein, principal represents a basic entity (for example, a client or a server) participating in kerberos authentication.
于步骤S3,更改kerberos的相关配置,创建kerberos远程管理的管理员。具体如下:更改配置文件/etc/krb5.conf;更改配置文件/var/kerberos/krb5kdc/kdc.conf;更改配置文件/var/kerberos/krb5kdc/kadm5.acl;并将/etc/krb5.conf拷贝到其他节点的相同目录替换。In step S3, change the relevant configuration of kerberos, and create an administrator for kerberos remote management. The details are as follows: change the configuration file /etc/krb5.conf; change the configuration file /var/kerberos/krb5kdc/kdc.conf; change the configuration file /var/kerberos/krb5kdc/kadm5.acl; and copy /etc/krb5.conf to the same directory on other nodes for replacement.
于步骤S4,分别为hadoop集群内所有节点创建principal。其中,包括创建hdfs principal、mapred principal及HTTP principal。In step S4, principals are created for all nodes in the hadoop cluster. Among them, including creating hdfs principal, mapred principal and HTTP principal.
其中,创建hdfs principal的方式如下:Among them, the way to create hdfs principal is as follows:
#kadmin.local#kadmin.local
Kadmin:addprinc-randkey hdfs/node01.test.comHADOOPKadmin:addprinc-randkey hdfs/node01.test.comHADOOP
Kadmin:addprinc-randkey hdfs/node02.test.comHADOOPKadmin:addprinc-randkey hdfs/node02.test.comHADOOP
Kadmin:addprinc-randkey hdfs/node03.test.comHADOOPKadmin:addprinc-randkey hdfs/node03.test.comHADOOP
创建mapred principal的方式如下:The way to create a mapred principal is as follows:
#kadmin.local#kadmin.local
Kadmin:addprinc-randkey mapred/node01.test.comHADOOPKadmin:addprinc-randkey mapred/node01.test.comHADOOP
Kadmin:addprinc-randkey mapred/node02.test.comHADOOPKadmin:addprinc-randkey mapred/node02.test.comHADOOP
Kadmin:addprinc-randkey mapred/node03.test.comHADOOPKadmin:addprinc-randkey mapred/node03.test.comHADOOP
创建HTTP principal的方式如下:The way to create HTTP principal is as follows:
#kadmin.local#kadmin.local
Kadmin:addprinc-randkey HTTP/node01.test.comHADOOPKadmin:addprinc-randkey HTTP/node01.test.comHADOOP
Kadmin:addprinc-randkey HTTP/node02.test.comHADOOPKadmin:addprinc-randkey HTTP/node02.test.comHADOOP
Kadmin:addprinc-randkey HTTP/node03.test.comHADOOPKadmin:addprinc-randkey HTTP/node03.test.comHADOOP
于步骤S5,创建相应的keytab。于此,创建包含hdfs principal和HTTPprincipal的hdfs.keytab文件,及创建包含mapred principal和HTTP principal的mapred.keytab文件。In step S5, a corresponding keytab is created. Here, create a hdfs.keytab file containing hdfs principal and HTTP principal, and create a mapred.keytab file containing mapred principal and HTTP principal.
创建包含hdfs principal和HTTP principal的hdfs.keytab文件,如下:Create hdfs.keytab file containing hdfs principal and HTTP principal, as follows:
kadmin:xst-norandkey-k hdfs.keytab hdfs/node01.test.comHADOOPHTTP/node01.test.comHADOOPkadmin:xst-norandkey-k hdfs.keytab hdfs/node01.test.comHADOOPHTTP/node01.test.comHADOOP
kadmin:xst-norandkey-k hdfs.keytab hdfs/node02.test.comHADOOPHTTP/node02.test.comHADOOPkadmin:xst-norandkey-k hdfs.keytab hdfs/node02.test.comHADOOPHTTP/node02.test.comHADOOP
kadmin:xst-norandkey-k hdfs.keytabhdfs/node03.test.comHADOOPHTTP/node03.test.comHADOOPkadmin:xst-norandkey-k hdfs.keytabhdfs/node03.test.comHADOOPHTTP/node03.test.comHADOOP
创建包含mapred principal和HTTP principal的mapred.keytab文件,如下:Create a mapred.keytab file containing mapred principal and HTTP principal, as follows:
kadmin:xst-norandkey-k mapred.keytabmapred/node01.test.comHADOOP HTTP/node01.test.comHADOOPkadmin:xst-norandkey-k mapred.keytabmapred/node01.test.comHADOOP HTTP/node01.test.comHADOOP
kadmin:xst-norandkey-k mapred.keytabmapred/node02.test.comHADOOP HTTP/node02.test.comHADOOPkadmin:xst-norandkey-k mapred.keytabmapred/node02.test.comHADOOP HTTP/node02.test.comHADOOP
kadmin:xst-norandkey-k mapred.keytabmapred/node03.test.comHADOOP HTTP/node03.test.comHADOOPkadmin:xst-norandkey-k mapred.keytabmapred/node03.test.comHADOOP HTTP/node03.test.comHADOOP
于步骤S6,使用合并后的keytab获取证书,方式如下:In step S6, use the merged keytab to obtain the certificate in the following manner:
#kinit–k–t hdfs.keytab hdfs/node01.inspur.comHADOOP#kinit–k–t hdfs.keytab hdfs/node01.inspur.comHADOOP
#kinit–k–t mapred.keytab mapred/node01.inspur.comHADOOP#kinit–k–t mapred.keytab mapred/node01.inspur.comHADOOP
于步骤S7,部署kerberos keytab文件,使其可以被hdfs和mapred用户访问。具体而言,将步骤S5中生成的hdfs.keytab移动到$HADOOP_HOME/conf下,将步骤S5中生成的mapred.keytab移动到$HADOOP_HOME/conf下In step S7, the kerberos keytab file is deployed so that it can be accessed by hdfs and mapred users. Specifically, move the hdfs.keytab generated in step S5 to $HADOOP_HOME/conf, and move the mapred.keytab generated in step S5 to $HADOOP_HOME/conf
于步骤S8,添加kerberos自启动及重启服务。In step S8, add kerberos self-starting and restarting services.
于步骤S9,停止hadoop集群所有服务。In step S9, all services of the hadoop cluster are stopped.
于步骤S10,更改hadoop相关配置文件,使得hadoop集群使用kerberos协议进行身份认证。In step S10, change hadoop-related configuration files so that the hadoop cluster uses the kerberos protocol for identity authentication.
具体而言,在$HADOOP_HOME/core-site.xml中添加或修改以下内容:Specifically, add or modify the following in $HADOOP_HOME/core-site.xml:
<property><property>
<name>hadoop.security.authentication</name><name>hadoop.security.authentication</name>
<value>kerberos</value><value>kerberos</value>
</property></property>
<property><property>
<name>hadoop.security.authorization</name><name>hadoop.security.authorization</name>
<value>true</value><value>true</value>
</property></property>
在$HADOOP_HOME/conf/hdfs-site.xml中添加以下内容:Add the following to $HADOOP_HOME/conf/hdfs-site.xml:
<property><property>
<name>dfs.namenode.keytab.file</name><name>dfs.namenode.keytab.file</name>
<value>$HADOOP_HOME/conf/hdfs.keytab</value><value>$HADOOP_HOME/conf/hdfs.keytab</value>
</property></property>
<property><property>
<name>dfs.namenode.kerberos.principal</name><name>dfs.namenode.kerberos.principal</name>
<value>hdfs/_HOSTHADOOP</value><value>hdfs/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>dfs.namenode.kerberos.internal.spnego.principal</name><name>dfs.namenode.kerberos.internal.spnego.principal</name>
<value>HTTP/_HOSTHADOOP</value><value>HTTP/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>dfs.secondary.namenode.keytab.file</name><name>dfs.secondary.namenode.keytab.file</name>
<value>$HADOOP_HOME/conf/hdfs.keytab</value><value>$HADOOP_HOME/conf/hdfs.keytab</value>
</property></property>
<property><property>
<name>dfs.secondary.namenode.kerberos.principal</name><name>dfs.secondary.namenode.kerberos.principal</name>
<value>hdfs/_HOSTHADOOP</value><value>hdfs/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>dfs.secondary.namenode.kerberos.internal.spnego.principal</name><name>dfs.secondary.namenode.kerberos.internal.spnego.principal</name>
<value>HTTP/_HOSTHADOOP</value><value>HTTP/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>dfs.datanode.keytab.file</name><name>dfs.datanode.keytab.file</name>
<value>$HADOOP_HOME/conf/hdfs.keytab</value><value>$HADOOP_HOME/conf/hdfs.keytab</value>
</property></property>
<property><property>
<name>dfs.datanode.kerberos.principal</name><name>dfs.datanode.kerberos.principal</name>
<value>hdfs/_HOSTHADOOP</value><value>hdfs/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>dfs.datanode.kerberos.internal.spnego.principal</name><name>dfs.datanode.kerberos.internal.spnego.principal</name>
<value>HTTP/_HOSTHADOOP</value><value>HTTP/_HOSTHADOOP</value>
</property></property>
在$HADOOP_HOME/conf/mapred-site.xml中添加以下内容:Add the following to $HADOOP_HOME/conf/mapred-site.xml:
<property><property>
<name>mapreduce.jobtracker.kerberos.principal</name><name>mapreduce.jobtracker.kerberos.principal</name>
<value>mapred/_HOSTHADOOP</value><value>mapred/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>mapreduce.jobtracker.kerberos.https.principal</name><name>mapreduce.jobtracker.kerberos.https.principal</name>
<value>host/_HOSTHADOOP</value><value>host/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>mapreduce.jobtracker.keytab.file</name><name>mapreduce.jobtracker.keytab.file</name>
<value>$HADOOP_HOME/conf/mapred.keytab</value><value>$HADOOP_HOME/conf/mapred.keytab</value>
</property></property>
<property><property>
<name>mapreduce.tasktracker.kerberos.principal</name><name>mapreduce.tasktracker.kerberos.principal</name>
<value>mapred/_HOSTHADOOP</value><value>mapred/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>mapreduce.tasktracker.kerberos.https.principal</name><name>mapreduce.tasktracker.kerberos.https.principal</name>
<value>host/_HOSTHADOOP</value><value>host/_HOSTHADOOP</value>
</property></property>
<property><property>
<name>mapreduce.tasktracker.keytab.file</name><name>mapreduce.tasktracker.keytab.file</name>
<value>$HADOOP_HOME/conf/mapred.keytab</value><value>$HADOOP_HOME/conf/mapred.keytab</value>
</property></property>
并拷贝$HADOOP_HOME下core-site.xml、hdfs-site.xml、mapred-site.xml、hdfs.keytab、mapred.keytab到其他节点对应目录。And copy core-site.xml, hdfs-site.xml, mapred-site.xml, hdfs.keytab, mapred.keytab under $HADOOP_HOME to corresponding directories of other nodes.
于步骤11,重启hadoop集群,验证所有功能是否正常。若启动成功,则hadoop的身份认证机制构建成功。In step 11, restart the hadoop cluster to verify that all functions are normal. If the startup is successful, the identity authentication mechanism of Hadoop is successfully constructed.
以上显示和描述了本发明的基本原理和主要特征和本发明的优点。本发明不受上述实施例的限制,上述实施例和说明书中描述的只是说明本发明的原理,在不脱离本发明精神和范围的前提下,本发明还会有各种变化和改进,这些变化和改进都落入要求保护的本发明范围内。The basic principles and main features of the present invention and the advantages of the present invention have been shown and described above. The present invention is not limited by the above-mentioned embodiments, and what described in the above-mentioned embodiments and the description only illustrates the principle of the present invention, and without departing from the spirit and scope of the present invention, the present invention also has various changes and improvements, these changes All modifications and improvements are within the scope of the claimed invention.
Claims (3)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410645216.3A CN104363095A (en) | 2014-11-12 | 2014-11-12 | Method for establishing hadoop identity authentication mechanism |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410645216.3A CN104363095A (en) | 2014-11-12 | 2014-11-12 | Method for establishing hadoop identity authentication mechanism |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104363095A true CN104363095A (en) | 2015-02-18 |
Family
ID=52530323
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410645216.3A Pending CN104363095A (en) | 2014-11-12 | 2014-11-12 | Method for establishing hadoop identity authentication mechanism |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104363095A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106295384A (en) * | 2015-05-21 | 2017-01-04 | 中国移动通信集团重庆有限公司 | A kind of big data platform access control method, device and certificate server |
| CN106375323A (en) * | 2016-09-09 | 2017-02-01 | 浪潮软件股份有限公司 | Kerberos identity authentication method in multi-tenant mode |
| WO2017206960A1 (en) * | 2016-06-03 | 2017-12-07 | 中兴通讯股份有限公司 | Data transmission method, data transfer client and data transfer executor |
| CN107483491A (en) * | 2017-09-19 | 2017-12-15 | 山东大学 | An access control method for distributed storage in cloud environment |
| CN112540830A (en) * | 2020-12-21 | 2021-03-23 | 广州华资软件技术有限公司 | Method for simultaneously supporting multiple Kerberos authentication in single JVM process |
| CN113377454A (en) * | 2021-06-23 | 2021-09-10 | 浪潮云信息技术股份公司 | Method for realizing Flink dynamic connection Kerberos authentication component |
| CN114745130A (en) * | 2022-04-02 | 2022-07-12 | 杭州玳数科技有限公司 | Authentication method and device for multiple KDC data sources |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102457555A (en) * | 2010-10-28 | 2012-05-16 | 中兴通讯股份有限公司 | Security system and method for distributed storage |
-
2014
- 2014-11-12 CN CN201410645216.3A patent/CN104363095A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102457555A (en) * | 2010-10-28 | 2012-05-16 | 中兴通讯股份有限公司 | Security system and method for distributed storage |
Non-Patent Citations (3)
| Title |
|---|
| XJC2694,: ""hadoop添加kerberos认证"", 《HTTP://BLOG.CHINAUNIX.NET/UID-1838361-ID-3243243.HTML》 * |
| 王超,: ""Hadoop框架下的身份认证技术研究"", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
| 范学辉,: ""基于HDFS架构的云存储访问控制机制的研究与设计"", 《中国优秀硕士学位论文全文数据库-信息科技辑》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106295384A (en) * | 2015-05-21 | 2017-01-04 | 中国移动通信集团重庆有限公司 | A kind of big data platform access control method, device and certificate server |
| CN106295384B (en) * | 2015-05-21 | 2020-04-10 | 中国移动通信集团重庆有限公司 | Big data platform access control method and device and authentication server |
| WO2017206960A1 (en) * | 2016-06-03 | 2017-12-07 | 中兴通讯股份有限公司 | Data transmission method, data transfer client and data transfer executor |
| CN107465644A (en) * | 2016-06-03 | 2017-12-12 | 中兴通讯股份有限公司 | Data transmission method, data transmission client and data transmission actuator |
| CN107465644B (en) * | 2016-06-03 | 2021-02-23 | 中兴通讯股份有限公司 | Data transmission method, data transmission client and data transmission executor |
| CN106375323A (en) * | 2016-09-09 | 2017-02-01 | 浪潮软件股份有限公司 | Kerberos identity authentication method in multi-tenant mode |
| CN107483491A (en) * | 2017-09-19 | 2017-12-15 | 山东大学 | An access control method for distributed storage in cloud environment |
| CN112540830A (en) * | 2020-12-21 | 2021-03-23 | 广州华资软件技术有限公司 | Method for simultaneously supporting multiple Kerberos authentication in single JVM process |
| CN113377454A (en) * | 2021-06-23 | 2021-09-10 | 浪潮云信息技术股份公司 | Method for realizing Flink dynamic connection Kerberos authentication component |
| CN114745130A (en) * | 2022-04-02 | 2022-07-12 | 杭州玳数科技有限公司 | Authentication method and device for multiple KDC data sources |
| CN114745130B (en) * | 2022-04-02 | 2023-12-08 | 杭州玳数科技有限公司 | Authentication method and device for multi-KDC data source |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111183426B (en) | System and method for blockchain-based notification | |
| US11750609B2 (en) | Dynamic computing resource access authorization | |
| US11102189B2 (en) | Techniques for delegation of access privileges | |
| US11347876B2 (en) | Access control | |
| US10911428B1 (en) | Use of metadata for computing resource access | |
| US10956614B2 (en) | Expendable access control | |
| US9961053B2 (en) | Detecting compromised credentials | |
| US9294485B2 (en) | Controlling access to shared content in an online content management system | |
| US10263994B2 (en) | Authorized delegation of permissions | |
| US10565402B2 (en) | System and method for serving online synchronized content from a sandbox domain via a temporary address | |
| US10944561B1 (en) | Policy implementation using security tokens | |
| US10362013B2 (en) | Out of box experience application API integration | |
| US8966021B1 (en) | Composable machine image | |
| US9516107B2 (en) | Secure local server for synchronized online content management system | |
| US9817987B2 (en) | Restricting access to content | |
| CN104363095A (en) | Method for establishing hadoop identity authentication mechanism | |
| US10148637B2 (en) | Secure authentication to provide mobile access to shared network resources | |
| US9900152B2 (en) | Distributed public key revocation | |
| CN115668147A (en) | Preventing unauthorized deployment of packages in a cluster | |
| US10846463B2 (en) | Document object model (DOM) element location platform | |
| US10542008B2 (en) | Proxy authorization of a network device | |
| CN107409129B (en) | Use the authorization in accesses control list and the distributed system of group | |
| JP7695023B2 (en) | Self-auditing blockchain | |
| CN105637471B (en) | Method and device for monitoring and controlling a storage environment | |
| CN112311830B (en) | Multi-tenant authentication system and method for Hadoop cluster based on cloud storage |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150218 |
|
| WD01 | Invention patent application deemed withdrawn after publication |