Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
HDFS >> mail # user >> Hadoop Security via Kerberos


Copy link to this message
-
Hadoop Security via Kerberos
Hi

I am trying to learn how Kerberos can be implemented in Hadoop.
I have gone through this doc
https://issues.apache.org/jira/browse/HADOOP-4487
I have also gone through Basic Kerberos stuff (http://web.mit.edu/kerberos/,
https://www.youtube.com/watch?v=KD2Q-2ToloE)

1) The apache doc uses the word "Token" whereas the general doc over the
internet uses the term "Ticket".
     Are Token and Ticket same ?
2) The apache doc also    "DataNodes do not enforce any access control on
accesses to its data blocks.
     This makes it possible for an unauthorized client to read a data block
as
      long as she can supply its block ID. It’s also possible for anyone to
write
      arbitrary data blocks to DataNodes."

My thoughts on this:-
*I can fetch the block Id from file path using the command:-*
hadoop@Studio-1555:/opt/hadoop/hadoop-1.0.2/bin$ ./hadoop fsck
/hadoop/mapred/system/jobtracker.info -files -blocks
FSCK started by hadoop from /127.0.0.1 for path /hadoop/mapred/system/
jobtracker.info at Mon Jul 09 06:57:14 EDT 2012
/hadoop/mapred/system/jobtracker.info 4 bytes, 1 block(s):  OK
0. blk_-9148080207111019586_1001 len=4 repl=1

As I was authorized to access this file jobtracker.info, I was able to find
its blockID using the above command.
I think that if I add some offset to this block ID and write to that
datanode.
*
How can I explicitly mention the blockID while writing a file to HDFS.(What
is the command ?)*
Any other way to  write arbitrary data blocks to DataNodes ?

Please tell me if my approach is wrong ?
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB