The Kerberos topology
contains multiple tiers, all of which are configured to communicate
with the Kerberos Key Distribution Center (KDC) to allow authentication
to flow from the SAS Data Loader for Hadoop client
machine through to the Hadoop cluster. When you log on to the client
machine, the KDC issues a ticket-granting ticket (TGT), which is
time-stamped. The browser uses this TGT to obtain a ticket to access
SAS Data Loader for Hadoop.

Two different types
of Kerberos systems are available: AD (Windows Active Directory) and
MIT. You might have either a realm for only AD Kerberos or mixed AD
and MIT realms. A realm for only AD Kerberos protects the client machine,
the vApp virtual machine, and the Hadoop cluster all through the AD
domain controller. A realm for only AD Kerberos is simpler because
it requires no further client configuration.

In a common configuration
of mixed realms, AD Kerberos protects both the client machine and
the vApp virtual machine, whereas MIT Kerberos protects only the Hadoop
cluster. Mixed realms can also be configured so that AD Kerberos
protects only the client machine, whereas MIT Kerberos protects both
the Hadoop cluster and the vApp virtual machine. The realm configuration
that is in use determines how you must configure Kerberos.