Hadoop, mail # dev - Design for security in Hadoop


Re: Design for security in Hadoop
Kan Zhang 2009-03-25, 20:43

On 3/25/09 1:04 PM, "Kan Zhang" <[EMAIL PROTECTED]> wrote:

>
> On 3/25/09 12:15 PM, "Amandeep Khurana" <[EMAIL PROTECTED]> wrote:
>
>> On Wed, Mar 25, 2009 at 2:49 AM, Doug Cutting <[EMAIL PROTECTED]> wrote:
>>
>>> Amandeep Khurana wrote:
>>>
>>>> 1. The Jira covers only authentication using Kerberos. I don't think
>>>> Kerberos is the best way to do it since I feel the scalability is limited.
>>>> All keys have to be negotiated by the Kerberos server.
>>>>
>>>
>>> The design in HADOOP-4343 seeks to minimize the number of key negotiations.
>>>  Do you think that's insufficient?  If so, please add a comment on that
>>> issue.
>>
>>
>> The NN doing key negotiations is fundamentally not feasible. That's the
>> limitation of Kerberos and there's only a certain degree to which it can be
>> optimized. The design I proposed in the paper is a little different from
>> Kerberos, where the clients negotiate the keys. This frees up the NN from
>> the responsibility to do this task.
>>
> You've lost me. What are you referring to when you say key negotiations? As
> far as I read from your paper, you didn't propose anything new for the
> authentication between NN and the user, simply mentioning it will be a
> Kerberos-like protocol. If you are referring to those capabilities for
> accessing DN, those are issued by NN, right?
>
My bad. I read your doc again and I guess you are referring to the protocol
you proposed in the paper for the authentication to datanode using namenode
as a trusted third-party. But the namenode is certainly involved in the
issuing of the ticket, right? Whereas if you use Kerberos, that task can be
off-loaded to the Kerberos KDC.

Kan