Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
MapReduce, mail # user - Using certificates to secure Hadoop


+
Fabio Pitzolu 2013-01-22, 15:20
+
Nitin Pawar 2013-01-22, 16:56
+
Fabio Pitzolu 2013-01-22, 17:37
Copy link to this message
-
Re: Using certificates to secure Hadoop
Nitin Pawar 2013-01-22, 17:49
yes second option is not hadoop aware but in general for web services.

I really don't think that particular thing has been open sourced I may try
to explain that stuff offline

for hadoop related security either you rely on network security or
kerberos. You may also try securing hadoop with active directory
https://ccp.cloudera.com/display/CDHDOC/Integrating+Hadoop+Security+with+Active+Directory

for webservices related security you can reach me, we can discuss that if
you need it
On Tue, Jan 22, 2013 at 11:07 PM, Fabio Pitzolu <[EMAIL PROTECTED]>wrote:

> Hi Nitin, thank you for the answer.****
>
> Your second option will be the most feasible, and I think that this not
> hadoop-aware, but it’s a general Tomcat configuration, am I right?****
>
> Could you please link me some doc about this configuration?****
>
> ** **
>
> Thanks a lot!****
>
> ** **
>
> ** **
>
> *Fabio Pitzolu*
>
> ****
>
> ** **
>
> *From:* Nitin Pawar [mailto:[EMAIL PROTECTED]]
> *Sent:* martedì 22 gennaio 2013 17:56
> *To:* [EMAIL PROTECTED]
> *Subject:* Re: Using certificates to secure Hadoop****
>
> ** **
>
> on network level easy way would be you host your entire infrastructure
> into a private network with just one internet facing gateway via which your
> client can access your webservice. And in case you need to access internet
> for hadoop/oozie then you can setup a NAT ****
>
> this will be like building your private cloud infra with different
> internet gateways ****
>
> ** **
>
> other way would be you build your own certificate based authentication
> library. (we used to have this @ yahoo where we used to restrict access to
> server having certificate only) ****
>
> ** **
>
> On Tue, Jan 22, 2013 at 8:50 PM, Fabio Pitzolu <[EMAIL PROTECTED]>
> wrote:****
>
> Hi all,****
>
> I’ve been asked to check whether is possible to use certificates to secure
> the connection between Hadoop and Oozie and the “external world” or not.**
> **
>
> Case is this:****
>
> We have to develop a webservice to run Oozie workflows and access HDFS, so
> that there will be just one “interface” between the cluster and a user web
> application.****
>
> Current security scenario does not allow to use Kerberos to authenticate
> the users, so we were thinking about using certificates, distributed
> through the Tomcat stack (as show on the following diagram).****
>
> The idea is that only a client (in this case the client would be the Java
> WebService – the blue box) with the right certificate could “talk” to the
> Hadoop / Oozie machines.****
>
>  ****
>
> ****
>
>  ****
>
> Is it possible to achieve this scenario?****
>
> If so, is there a whitepaper on the Internet that shows how to do this?***
> *
>
> If not possible, what do you think would be the best security solution not
> using Kerberos (example, firewall sec., IP security, …)? ****
>
>  ****
>
> Thank you very much, have a nice day!****
>
>  ****
>
> Fabio Pitzolu****
>
>  ****
>
>
>
> ****
>
> ** **
>
> --
> Nitin Pawar****
>

--
Nitin Pawar
+
Fabio Pitzolu 2013-01-22, 17:53