ss77892 commented on code in PR #303: URL: https://github.com/apache/ozone-site/pull/303#discussion_r2747084157
########## docs/07-system-internals/05-security/01-kerberos.md: ########## @@ -4,29 +4,56 @@ sidebar_label: Kerberos # How Ozone Uses Kerberos -## Tokens +## 1. Kerberos -Ozone uses a notion of tokens to avoid overburdening the Kerberos server. When you serve thousands of requests per second, involving Kerberos might not work well. Hence once an authentication is done, Ozone issues delegation tokens and block tokens to the clients. These tokens allow applications to do specified operations against the cluster, as if they have kerberos tickets with them. Ozone supports following kinds of tokens. +Ozone depends on [Kerberos](https://web.mit.edu/kerberos/) to make the +clusters secure. Historically, HDFS has supported running in an isolated +secure networks where it is possible to deploy without securing the cluster. -### Delegation Token +This release of Ozone follows that model, but soon will move to *secure by Review Comment: Not a good idea. At all. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
