@startuml
title Windows On-Premises Single Active Directory Realm
autonumber
hide footbox
box "User's Desktop"
actor "User\n(user)" as User
participant Client as "Hadoop\nClient" #lightgreen
participant UKT as "User's\nTicket\nCache"
end box
box "Hadoop Cluster"
participant Hadoop as "Hadoop\nService\n(e.g. hdfs)" #lightgreen
participant SKT as "Service's\nKeytab"
end box
box "Corporate Network"
participant AD as "Active\nDirectory"
end box
note over AD
Contains user & service
accounts and groups
end note
' Service startup: the Hadoop service authenticates to AD with its keytab credentials
Hadoop->AD: kinit(hdfs):hdfs-tgt
activate Hadoop
Hadoop->SKT: load():password
note right: Load password from Keytab
Hadoop->Hadoop: store(hdfs-tgt)
note right: Store TGT in memory
deactivate Hadoop
' Desktop login: the user authenticates to AD and the TGT is cached locally
User->AD: login(user,password):user-tgt
activate User
User->UKT: store(user-tgt)
deactivate User
' Request: the client exchanges the cached TGT for an hdfs service ticket
User->Client: hadoop fs -ls
activate Client
Client->UKT: load():user-tgt
Client->AD: tgsReq(user-tgt):user-hdfs-st
Client->Hadoop: ls[user-hdfs-st](dir):files
activate Hadoop
Hadoop->Hadoop: verify(user-hdfs-st)
Hadoop->AD: groupLookup(user):groups
deactivate Hadoop
deactivate Client
@enduml