
User authentication
Hadoop can use the native user-authentication methods of the server. For example, on Linux-based machines, users can be authenticated based on the IDs defined in the system's /etc/passwd files. In other words, Hadoop inherits the user authentication set up on the server side.
User authentication via Kerberos, a cross-platform authentication protocol, is also commonly used in Hadoop clusters. Kerberos is built on the concept of tickets that grant privileges to users on a temporary, as-needed basis. Tickets can be invalidated using Kerberos commands, thus restricting the users' rights to access resources on the cluster as needed.
Note that even if a user has been authenticated and can log in to the system, he or she can still be limited in what data can be accessed by a separate feature known as authorization: the user may be restricted to only the data the user is authorized to access. This level of authorization is generally performed using native HDFS commands to change directory and file ownerships to the named users.
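The ownership-based authorization described above, as an added example that is not part of the original text: a small script that hands an HDFS directory to one named user with the standard hdfs dfs -chown and -chmod commands. The user alice, the group analysts, the path /data/alice, the mode 750 and the helper function names are all assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: hand an HDFS directory to one named user and close it to others.
# Constructed values (not from the page): user "alice", group "analysts",
# path /data/alice, mode 750.
# DRY_RUN=1 (default) only prints the commands. Set DRY_RUN=0 on a node that has
# the hdfs client, running as the HDFS superuser (changing an owner requires it).
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# restrict_to_owner USER GROUP PATH
# Owner gets rwx, group gets r-x, everyone else gets nothing on PATH.
restrict_to_owner() {
    local user="$1" group="$2" path="$3"
    if [ -z "$user" ] || [ -z "$group" ]; then
        echo "user and group are required" >&2
        return 1
    fi
    # Relative paths resolve against the caller's HDFS home directory, so
    # insist on an absolute path, and never re-own the filesystem root.
    case "$path" in
        /)  echo "refusing to change ownership of /" >&2; return 1 ;;
        /*) ;;
        *)  echo "path must be absolute: $path" >&2; return 1 ;;
    esac
    run hdfs dfs -mkdir -p "$path" &&
    run hdfs dfs -chown -R "$user:$group" "$path" &&
    run hdfs dfs -chmod 750 "$path"
}

# List the directory entry itself to confirm owner, group and mode.
show_owner() {
    run hdfs dfs -ls -d "$1"
}

restrict_to_owner alice analysts /data/alice
show_owner /data/alice
```

With these settings a different user who authenticates successfully but is not in the analysts group still cannot list or read /data/alice.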