Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> Hadoop Security


Copy link to this message
-
Re: Hadoop Security
See HBASE-1697 and go from there: https://issues.apache.org/jira/browse/HBASE-1697
We will try to track as closely to Hadoop ASF common as we can, same AAA top to bottom, HBase->RPC->HDFS.

  - Andy

----- Original Message ----
> From: "Segel, Mike" <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Sent: Mon, February 22, 2010 7:18:47 AM
> Subject: RE: Hadoop Security
>
> Hi,
>
> Sorry for jumping in to this late, but has anyone thought about how this could
> be extended in to HBase?
> I realize this is Hadoop security, but eventually HBase and other apps that sit
> on top of hadoop will have to deal with security issues too.
>
> I'm not suggesting that a solution be worked out now, but that the solution for
> Hadoop can be extended to cover the apps that sit on top of Hadoop.
>
> Thx
>
> -Mike
>
> -----Original Message-----
> From: Owen O'Malley [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, February 21, 2010 4:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Hadoop Security
>
>
> On Feb 17, 2010, at 9:57 PM, [EMAIL PROTECTED] wrote:
>
> >  Analyzed that kerberos cab be used for user authentication.when the  
> > user
> > wants to submit a job he/she can get delegation token followed by  
> > block
> > access token to access data from HDFS.So the client is overloaded with
> > initial 2 tickets (kerberos) TGT(Ticket grating Ticket),ST (service
> > ticket)followed by delegation token and block access token..Is that  
> > right??
>
> When the user logs in to the system, they get a TGT. When they want to  
> submit a job, they'll get two service tickets (one for the Name Node  
> and one for the Job Tracker). They will get a delegation token from  
> the NameNode and include that as part of the job. So in total,  
> submitting a job should only take those 2 interactions with the  
> Kerberos KDC.
>
> -- Owen
>
>
> The information contained in this communication may be CONFIDENTIAL and is
> intended only for the use of the recipient(s) named above.  If you are not the
> intended recipient, you are hereby notified that any dissemination,
> distribution, or copying of this communication, or any of its contents, is
> strictly prohibited.  If you have received this communication in error, please
> notify the sender and delete/destroy the original message and any copy of it
> from your computer or paper files.