Return-Path: Delivered-To: apmail-lucene-hadoop-dev-archive@locus.apache.org Received: (qmail 10727 invoked from network); 28 Aug 2007 17:59:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Aug 2007 17:59:52 -0000 Received: (qmail 13525 invoked by uid 500); 28 Aug 2007 17:59:47 -0000 Delivered-To: apmail-lucene-hadoop-dev-archive@lucene.apache.org Received: (qmail 13494 invoked by uid 500); 28 Aug 2007 17:59:47 -0000 Mailing-List: contact hadoop-dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hadoop-dev@lucene.apache.org Delivered-To: mailing list hadoop-dev@lucene.apache.org Received: (qmail 13485 invoked by uid 99); 28 Aug 2007 17:59:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Aug 2007 10:59:47 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Aug 2007 17:59:51 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 951F671418E for ; Tue, 28 Aug 2007 10:59:30 -0700 (PDT) Message-ID: <7460372.1188323970581.JavaMail.jira@brutus> Date: Tue, 28 Aug 2007 10:59:30 -0700 (PDT) From: "Tsz Wo (Nicholas), SZE (JIRA)" To: hadoop-dev@lucene.apache.org Subject: [jira] Updated: (HADOOP-1701) Provide a simple authentication service and a user management service In-Reply-To: <17285634.1186690662754.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tsz Wo (Nicholas), SZE updated HADOOP-1701: ------------------------------------------- Attachment: guides20070828.pdf > Provide a simple authentication service and a user management service > --------------------------------------------------------------------- > > Key: HADOOP-1701 > URL: https://issues.apache.org/jira/browse/HADOOP-1701 > Project: Hadoop > Issue Type: New Feature > Reporter: Tsz Wo (Nicholas), SZE > Assignee: Tsz Wo (Nicholas), SZE > Attachments: 1701_20070827c_framework.patch, design20070828.pdf, guides20070828.pdf > > > In HADOOP-1298, we want to add user information and permission to the file system. It requires an authentication service and a user management service. We should provide a framework and a simple implementation in issue and extend it later. As discussed in HADOOP-1298, the framework should be extensible and pluggable. > - Extensible: possible to extend the framework to the other parts (e.g. map-reduce) of Hadoop. > - Pluggable: can easily switch security implementations. Below is a diagram borrowed from Java. > !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg! > - Implement a Hadoop authentication center (HAC). In the first step, the mechanism of HAC is very simple, it keeps track a list of usernames (we only support users, will work on other principals later) in HAC and verify username in user login (yeah, no password). HAC can run inside NameNode or run as a stand alone server. We will probably use Kerberos to provide more sophisticated authentication service. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.