Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
HDFS >> mail # user >> Security in Hadoop-1.0.0


Copy link to this message
-
Re: Security in Hadoop-1.0.0
LDAP and Kerberos are orthogonal in Hadoop, but both are often used
together. LDAP allows for centralized user/group management (sort of like
DNS for your users). Kerberos is for strong authentication of users.

When using Kerberos in Hadoop, you want to propagate user/group identities
to all your cluster nodes. (Otherwise, you might authenticate strongly, but
your user ID doesn't exist in a Tasktracker so your job fails.) LDAP
happens to be a common way to do this.

Typically when you set up Kerberos, you also set up your cluster nodes to
do LDAP authentication. You do this setup at the operating system level
(via PAM).

Note that you can also use Hue as your user-gateway to Hadoop. In this
scenario, you can use an LDAP backend to authenticate users. You do not
have to (but can) configure Hadoop with Kerberos.

- P

On Mon, Feb 13, 2012 at 3:11 AM, Stuti Awasthi <[EMAIL PROTECTED]> wrote:

> Hi,
> I am bit confused on Security part of Hadoop. Cluster is behind the
> firewall. I have read that Hadoop can be configured with LDAP also.
> I want to know which is better : configure Hadoop security with LDAP or
> Kerberos as both provide authentication.
>
> Please provide me more details on this as I am newbee in this part.
>
> Thanks
>
>
> -----Original Message-----
> From: alo alt [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 06, 2012 3:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Security in Hadoop-1.0.0
>
> Kerberos tokens and lifetime:
>
> http://hortonworks.com/the-role-of-delegation-tokens-in-apache-hadoop-security/
>
> Security in CDH3 (the same as hadoop)
> https://ccp.cloudera.com/display/CDHDOC/CDH3+Security+Guide
>
> best,
>  Alex
>
> --
> Alexander Lorenz
> http://mapredit.blogspot.com
>
> On Feb 6, 2012, at 11:19 AM, Stuti Awasthi wrote:
>
> > Hi all,
> > I started looking into configure security in Hadoop-1.0.0 but do not
> find concrete documentation on which kind of security is provided in this
> release and how to configure them.
> > Currently I am following
> > "http://hadoop.apache.org/common/docs/r1.0.0/" documentation
> >
> > As per knowledge, Proxy authentication and Kerberos security is provided
> in this release of Hadoop. Please point me to some good documentation or
> give me some pointers from where I can start this work.
> >
> > Thanks
> > Stuti Awasthi
> >
> >
> >
> > ::DISCLAIMER::
> > ----------------------------------------------------------------------
> > -------------------------------------------------
> >
> > The contents of this e-mail and any attachment(s) are confidential and
> intended for the named recipient(s) only.
> > It shall not attach any liability on the originator or HCL or its
> > affiliates. Any views or opinions presented in this email are solely
> those of the author and may not necessarily reflect the opinions of HCL or
> its affiliates.
> > Any form of reproduction, dissemination, copying, disclosure,
> > modification, distribution and / or publication of this message
> > without the prior written consent of the author of this e-mail is
> > strictly prohibited. If you have received this email in error please
> delete it and notify the sender immediately. Before opening any mail and
> attachments please check them for viruses and defect.
> >
> > ----------------------------------------------------------------------
> > -------------------------------------------------
>
>