Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # user >> kerberos for outside threads

Copy link to this message
Re: kerberos for outside threads
Hey Haohui,
Thanks for responding. I understand that I can disable security. I am
wondering if I should in this situation. Or to turn the question around: is
there a significant benefit to turning security on here?
On Jan 21, 2014 8:26 PM, "Haohui Mai" <[EMAIL PROTECTED]> wrote:

> Hi Koert,
> I'm wondering what is the end-to-end goal you want to achieve.
> You can disable security in Hadoop, where the cluster does not perform
> additional authentication. Obviously you can go without kerberos in this
> case and protect your clusters with other measures you've mentioned.
> Alternatively, you can enable security without kerberos by plugging in
> your own authentication filter.
> ~Haohui
> On Tue, Jan 21, 2014 at 4:45 PM, Koert Kuipers <[EMAIL PROTECTED]> wrote:
>> i understand kerberos is used on hadoop to provide security in a
>> multi-user environment, and i can totally see its usage for a shared
>> cluster within a company to make sure sensitive data for one department is
>> safe from prying eyes of another department.
>> but for a hadoop cluster that sits "behind" a bunch of web servers to do
>> say log analysis, and that already is protected by standard measures (no
>> route to cluster from outside, so a web server would have to get
>> compromised to gain access), is there any value in securing it with
>> kerberos? does anyone do that?
> NOTICE: This message is intended for the use of the individual or entity
> to which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.