Security Guide · Version 1.4.0 · October 2016
Copyright © 2015, 2016 Oracle and/or its affiliates. All rights reserved.
The Kerberos network authentication protocol enables client/server applications to identify one another in a secure manner, even when communicating over an unsecured network.
Individual applications are called principals in Kerberos terminology. Each principal has a keytab file, which contains its key, or password. Keytab files enable principals to authenticate automatically, without human interaction. When one principal wants to communicate with another, it uses its keytab file to obtain a ticket. It then presents the ticket to the other principal for authentication and is only granted access if its credentials are recognized.
Because Kerberos authentication uses strong encryption, it can work over unsecured networks. Additionally, tickets can be configured to expire after a set period of time to minimize risk if they become compromised.
BDD can be configured to use Kerberos authentication for its communications with Hadoop. You can set this up before or after installation; for more information, see the Installation Guide and the Administrator's Guide.
Security Guide · Version 1.4.0 · October 2016
Copyright © 2015, 2016 Oracle and/or its affiliates. All rights reserved.