Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
HDFS >> mail # user >> Hadoop Security via Kerberos


Copy link to this message
-
Hadoop Security via Kerberos
Hi

I am trying to learn how Kerberos can be implemented in Hadoop.
I have gone through this doc
https://issues.apache.org/jira/browse/HADOOP-4487
I have also gone through Basic Kerberos stuff (http://web.mit.edu/kerberos/,
https://www.youtube.com/watch?v=KD2Q-2ToloE)

1) The apache doc uses the word "Token" whereas the general doc over the
internet uses the term "Ticket".
     Are Token and Ticket same ?
2) The apache doc also    "DataNodes do not enforce any access control on
accesses to its data blocks.
     This makes it possible for an unauthorized client to read a data block
as
      long as she can supply its block ID. It’s also possible for anyone to
write
      arbitrary data blocks to DataNodes."

My thoughts on this:-
*I can fetch the block Id from file path using the command:-*
hadoop@Studio-1555:/opt/hadoop/hadoop-1.0.2/bin$ ./hadoop fsck
/hadoop/mapred/system/jobtracker.info -files -blocks
FSCK started by hadoop from /127.0.0.1 for path /hadoop/mapred/system/
jobtracker.info at Mon Jul 09 06:57:14 EDT 2012
/hadoop/mapred/system/jobtracker.info 4 bytes, 1 block(s):  OK
0. blk_-9148080207111019586_1001 len=4 repl=1

As I was authorized to access this file jobtracker.info, I was able to find
its blockID using the above command.
I think that if I add some offset to this block ID and write to that
datanode.
*
How can I explicitly mention the blockID while writing a file to HDFS.(What
is the command ?)*
Any other way to  write arbitrary data blocks to DataNodes ?

Please tell me if my approach is wrong ?