Hey Praveen, Please read Section 4 (HDFS), [Sub-point 1 - Performance] of the security design document available as an attachment at https://issues.apache.org/jira/browse/HADOOP-4487
Let us know if that clears your doubt. On Sat, Mar 17, 2012 at 4:58 PM, Praveen Sripati <praveensrip...@gmail.com> wrote: > Hi, > > According to the 'Hadoop - The Definitive Guide' > >> In a distributed system like HDFS or MapReduce, there are many > client-server interactions, each of which must be authenticated. For > example, an HDFS read operation will involve multiple calls to the namenode > and calls to one or more datanodes. Instead of using the three-step > Kerberos ticket exchange protocol to authenticate each call, which would > present a high load on the KDC on a busy cluster, Hadoop uses delegation > tokens to allow later authenticated access without having to contact the > KDC again. > > Once the authentication is established between the client and the NameNode, > there is no need to contact the KDC (Key Distribution Center) till the > ticket expires for any NameNode queries. So, I don't see how delegation > tokens will lower the burden on the KDC by having to contact the KDC fewer > times. > > Could someone please explain me how delegation tokens help? > > Praveen -- Harsh J
