@startuml
autonumber
hide footbox
title Linux Multi-Realm Kerberos with Active Directory
box "Gateway Node"
actor "User\n(user)" as User
participant Client as "Hadoop\nClient\n(cli)" #lightgreen
participant UTC as "User's\nTicket\nCache"
end box
box "Corporate Network"
participant AD as "Active\nDirectory\n(ad)"
end box
box "Hadoop Cluster"
participant KDC as "MIT\nKDC\n(mit)"
participant SKT as "Service's\nKeytab"
participant Hadoop as "Hadoop\nServices\n(eg hdfs)" #lightgreen
end box
note over KDC
Contains
service
accounts
end note
note over AD
Contains user
accounts &
group info
end note
Hadoop->SKT: load(hdfs):hdfs-key
activate Hadoop
Hadoop->KDC: kinit(hdfs,hdfs-key):hdfs-mit-tgt
deactivate Hadoop
User->AD: login(user):user-ad-tgt
activate User
User->UTC: store(user-ad-tgt)
deactivate User
User->Client: hadoop fs ls
activate Client
Client->UTC: load():user-ad-tgt
Client->AD: tgsReq(user-ad-tgt,krbtgt/mit):user-mit-tgt
Client->KDC: tgsReq(user-mit-tgt,hdfs):user-hdfs-st
Client->Hadoop: ls[user-hdfs-st](dir):files
activate Hadoop
Hadoop->Hadoop: verify(user-hdfs-st,hdfs-key)
Hadoop->AD: groupLookup(user):groups
deactivate Hadoop
deactivate Client
@enduml
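The diagram leaves one step implicit: between verify(user-hdfs-st) and groupLookup(user), the service has to turn the AD principal `user@AD` into the short local name used for the group lookup. In Hadoop that is the job of hadoop.security.auth_to_local, and the DEFAULT rule refuses any principal whose realm is not the cluster's own, so a cross-realm setup always needs explicit rules. The block below is an added example, not Hadoop's code and not part of the diagram: it re-implements enough of the RULE:[n:fmt](regex)s/pat/repl/ syntax to evaluate a rule set, and puts a commonly used loose rule beside a guarded variant. The realm names (AD.EXAMPLE.COM, MIT.EXAMPLE.COM), the hostname, the rule sets and the "ad-" prefix used as a collision guard are assumptions for illustration.

```python
"""Evaluate Hadoop auth_to_local rules for a two-realm (AD + MIT) cluster.

Added example: not Hadoop's code and not part of the diagram above. It
re-implements the RULE:[n:fmt](regex)s/pat/repl/[g][/L] syntax of
hadoop.security.auth_to_local far enough to show how a principal issued by
the AD realm becomes the local name that the group lookup receives.
Realm names, hostnames and rule sets are assumptions for illustration.
"""
import re
from typing import List, Optional, Tuple

AD_REALM = "AD.EXAMPLE.COM"    # assumed: corporate realm holding user accounts
MIT_REALM = "MIT.EXAMPLE.COM"  # assumed: cluster realm holding service accounts

# Same shape as Hadoop's own rule parser: the (regex) part may not contain ')'.
_RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\]"      # [n:format], $0 = realm, $1..$n = components
    r"(?:\(([^)]*)\))?"             # optional regex the formatted name must match
    r"(?:s/([^/]*)/([^/]*)/(g)?)?"  # optional sed-style substitution
    r"(/L)?"                        # optional lowercasing of the result
)


class NoMatchingRule(Exception):
    """Raised when no rule maps the principal; Hadoop then rejects the login."""


def parse_principal(principal: str) -> Tuple[List[str], str]:
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM')."""
    name, sep, realm = principal.rpartition("@")
    if not sep or not realm or not name:
        raise ValueError("principal must be name[/inst]@REALM: " + principal)
    return name.split("/"), realm


def apply_rule(rule: str, principal: str, default_realm: str) -> Optional[str]:
    """Return the local name produced by one rule, or None if it does not apply."""
    comps, realm = parse_principal(principal)
    if rule == "DEFAULT":
        # DEFAULT maps only principals of the cluster's own realm to their first
        # component; an AD-issued principal falls through to the next rule.
        return comps[0] if realm == default_realm else None
    m = _RULE_RE.fullmatch(rule)
    if not m:
        raise ValueError("malformed rule: " + rule)
    ncomp, fmt, match_re, pat, repl, gflag, lower = m.groups()
    if int(ncomp) != len(comps):
        return None
    formatted = fmt.replace("$0", realm)
    for i, comp in enumerate(comps, 1):
        formatted = formatted.replace("$%d" % i, comp)
    if match_re is not None and re.fullmatch(match_re, formatted) is None:
        return None
    result = formatted
    if pat is not None:
        # count=1 mirrors Java's replaceFirst; 'g' mirrors replaceAll.
        result = re.sub(pat, repl, formatted, count=0 if gflag else 1)
    if lower:
        result = result.lower()
    return result


def map_principal(principal: str, rules: List[str], default_realm: str = MIT_REALM) -> str:
    """First matching rule wins, as in Hadoop; a result still holding '@' or '/' is refused."""
    for rule in rules:
        result = apply_rule(rule, principal, default_realm)
        if result is not None:
            if "@" in result or "/" in result:
                raise NoMatchingRule("non-simple name %r from rule %s" % (result, rule))
            return result
    raise NoMatchingRule("no rule matched " + principal)


def maps(principal: str, rules: List[str], default_realm: str = MIT_REALM) -> Optional[str]:
    """Convenience wrapper: the local name, or None when Hadoop would reject the principal."""
    try:
        return map_principal(principal, rules, default_realm)
    except NoMatchingRule:
        return None


# Commonly used but loose: every AD principal becomes its bare name, so an AD
# account that happens to be called 'hdfs' would map onto the cluster superuser.
LOOSE_RULES = [
    "RULE:[1:$1@$0](.*@AD.EXAMPLE.COM)s/@.*//",
    "DEFAULT",
]

# Guarded variant (one option, assumed here): AD principals that collide with
# cluster service names are mapped to a distinct, unprivileged local name before
# the general rule runs. Hadoop's rule regex cannot carry a lookahead (no ')'
# is allowed inside it), so the guard has to be a separate rule placed first.
GUARDED_RULES = [
    "RULE:[1:$1@$0](hdfs@AD.EXAMPLE.COM)s/.*/ad-hdfs/",
    "RULE:[1:$1@$0](yarn@AD.EXAMPLE.COM)s/.*/ad-yarn/",
    "RULE:[1:$1@$0](.*@AD.EXAMPLE.COM)s/@.*//",
    "DEFAULT",
]

if __name__ == "__main__":
    for p in ("user@AD.EXAMPLE.COM", "hdfs@AD.EXAMPLE.COM",
              "hdfs/nn1.example.com@MIT.EXAMPLE.COM", "user@OTHER.EXAMPLE.COM"):
        print(p, "->", maps(p, LOOSE_RULES), "|", maps(p, GUARDED_RULES))
```

Rule order matters because evaluation stops at the first match: with LOOSE_RULES the AD account `hdfs@AD.EXAMPLE.COM` maps to `hdfs`, while GUARDED_RULES sends it to `ad-hdfs`, and the cluster's own `hdfs/nn1.example.com@MIT.EXAMPLE.COM` still reaches `hdfs` through DEFAULT. A principal from a realm no rule names is rejected rather than mapped.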