Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> Hadoop Security


Copy link to this message
-
Re: Hadoop Security
See HBASE-1697 and go from there: https://issues.apache.org/jira/browse/HBASE-1697
We will try to track as closely to Hadoop ASF common as we can, same AAA top to bottom, HBase->RPC->HDFS.

  - Andy

----- Original Message ----
> From: "Segel, Mike" <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Sent: Mon, February 22, 2010 7:18:47 AM
> Subject: RE: Hadoop Security
>
> Hi,
>
> Sorry for jumping in to this late, but has anyone thought about how this could
> be extended in to HBase?
> I realize this is Hadoop security, but eventually HBase and other apps that sit
> on top of hadoop will have to deal with security issues too.
>
> I'm not suggesting that a solution be worked out now, but that the solution for
> Hadoop can be extended to cover the apps that sit on top of Hadoop.
>
> Thx
>
> -Mike
>
> -----Original Message-----
> From: Owen O'Malley [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, February 21, 2010 4:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Hadoop Security
>
>
> On Feb 17, 2010, at 9:57 PM, [EMAIL PROTECTED] wrote:
>
> >  Analyzed that kerberos cab be used for user authentication.when the  
> > user
> > wants to submit a job he/she can get delegation token followed by  
> > block
> > access token to access data from HDFS.So the client is overloaded with
> > initial 2 tickets (kerberos) TGT(Ticket grating Ticket),ST (service
> > ticket)followed by delegation token and block access token..Is that  
> > right??
>
> When the user logs in to the system, they get a TGT. When they want to  
> submit a job, they'll get two service tickets (one for the Name Node  
> and one for the Job Tracker). They will get a delegation token from  
> the NameNode and include that as part of the job. So in total,  
> submitting a job should only take those 2 interactions with the  
> Kerberos KDC.
>
> -- Owen
>
>
> The information contained in this communication may be CONFIDENTIAL and is
> intended only for the use of the recipient(s) named above.  If you are not the
> intended recipient, you are hereby notified that any dissemination,
> distribution, or copying of this communication, or any of its contents, is
> strictly prohibited.  If you have received this communication in error, please
> notify the sender and delete/destroy the original message and any copy of it
> from your computer or paper files.
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB