Last active
August 7, 2017 20:57
Save airawat/8ef4d16f33aa2c732f52 to your computer and use it in GitHub Desktop.
Kerberos
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Kerberos Principals
A user in Kerberos is called a principal, which is made up of three distinct components: the primary, instance, and realm.
A Kerberos principal is used in a Kerberos-secured system to represent a unique identity.
The first component of the principal is called the primary, or sometimes the user component.
The primary component is an arbitrary string and may be the operating system username of the user or the name of a service.
The primary component is followed by an optional section called the instance, which is used to create principals that are used by users in special roles or to define the host on which a service runs, for example.
An instance, if it exists, is separated from the primary by a slash, and its content is used to disambiguate multiple principals for a single user or service.
The final component of the principal is the realm. The realm is similar to a domain in DNS in that it logically defines a related group of objects, although rather than hostnames as in DNS, the Kerberos realm defines a group of principals.
Each realm can have its own settings, including the location of the KDC on the network and the supported encryption algorithms.
Large organizations commonly create distinct realms to delegate administration of a realm to a group within the enterprise.
Realms, by convention, are written in uppercase characters.
Kerberos assigns tickets to Kerberos principals to enable them to access Kerberos-secured Hadoop services.
For the Hadoop daemon principals, the principal names should be of the format username/fully.qualified.domain.name@YOUR-REALM.COM.
In this guide, username in the username/fully.qualified.domain.name@YOUR-REALM.COM principal refers to the username of an existing Unix account that is used by Hadoop daemons, such as hdfs or mapred.
Human users who want to access the Hadoop cluster also need to have Kerberos principals; in this case, username refers to the username of the user's Unix account, such as joe or jane. Single-component principal names (such as username@YOUR-REALM.COM) are acceptable for client user accounts. Hadoop does not support more than two-component principal names.
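A small parser for the primary/instance@REALM structure described above, added here as an example and not part of the gist. The backslash-escape handling, the default-realm fallback and the convention checks are my own additions (the checks are heuristics drawn from the text, not Kerberos rules); all principal strings are constructed samples.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Principal:
    primary: str            # user or service name, e.g. "hdfs" or "joe"
    instance: Optional[str] # optional role or host, e.g. "nn1.example.com"
    realm: str              # e.g. "EXAMPLE.COM" (uppercase by convention)

def parse_principal(text: str, default_realm: Optional[str] = None) -> Principal:
    """Split primary[/instance]@REALM on unescaped '/' and '@'.
    A backslash escapes the next character, so 'a\\/b@R' has primary 'a/b'."""
    components, buf, realm = [], [], None
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        if ch == "\\" and i + 1 < n:   # escaped character: keep it literally
            buf.append(text[i + 1])
            i += 2
            continue
        if ch == "/":
            components.append("".join(buf))
            buf = []
        elif ch == "@":                # everything after '@' is the realm
            components.append("".join(buf))
            realm = text[i + 1:]
            break
        else:
            buf.append(ch)
        i += 1
    else:                              # no '@' seen: fall back to the default realm
        components.append("".join(buf))
        realm = default_realm
    if not realm:
        raise ValueError(f"{text!r}: missing realm and no default realm configured")
    if any(c == "" for c in components):
        raise ValueError(f"{text!r}: empty primary or instance component")
    if len(components) > 2:
        raise ValueError(f"{text!r}: Hadoop accepts at most two components")
    return Principal(components[0], components[1] if len(components) == 2 else None, realm)

def hadoop_principal_warnings(p: Principal) -> List[str]:
    # Convention checks drawn from the text above (heuristics, not Kerberos rules)
    warnings = []
    if p.realm != p.realm.upper():
        warnings.append(f"realm {p.realm!r} is not uppercase")
    if p.instance is not None and "." not in p.instance:
        warnings.append(f"instance {p.instance!r} is not a fully qualified host name")
    return warnings
```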