关键词: Hadoop, HDFS安全, Kerberos, PKI

Abstract: We detailedly analyze existing Kerberos scheme to solve the authentication and secure transmission in the process of file service of Hadoop Distributed File System(HDFS), a core subproject of Hadoop. We then generalize the negatives of its security and efficiency. We further apply PKI based digital certificate authentication and digital envelop based AES symmetric encryption to the security mechanism of HDFS. Analysis shows that the approach can provide a safer and more efficient solution for HDFS service, as compared with Kerberos.

Key words: Kerberos, PKI, Hadoop, security of HDFS