The Hadoop community version provides two authentication modes: Kerberos authentication (security mode) and Simple authentication (non-security mode). When creating a cluster, you can choose to enable or disable Kerberos authentication.
Clusters in security mode use the Kerberos protocol for security authentication.
In non-security mode, MRS cluster components use a native open source authentication mechanism, which is typically Simple authentication. If Simple authentication is used, authentication is automatically performed by a client user (for example, user root) by default when a client connects to a server. The authentication is imperceptible to the administrator or service user. In addition, when being executed, the client may even pretend to be any user (including superuser) by injecting UserGroupInformation. Cluster resource management and data control APIs are not authenticated on the server and are easily exploited and attacked by hackers.
Therefore, in non-security mode, network access permissions must be strictly controlled to ensure cluster security. You are advised to perform the following operations to ensure cluster security.