hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Cutting (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-2239) Security: Need to be able to encrypt Hadoop socket connections
Date Thu, 14 Feb 2008 18:09:09 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-2239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12569029#action_12569029
] 

Doug Cutting commented on HADOOP-2239:
--------------------------------------

This can be triggered when an "hsftp:" uri is used.

The following would be required to implement this:

# Extend the namenode and datanode's http servers to respond to https connections, adding
new configuration properties to name https ports, and configuring jetty accordingly (adding
a Jetty SslListener in our StatusHttpServer, specifying certs, etc.).
# Change HftpFileSystem to use https connections when the "hsftp" scheme is used.
# Change FileDataServlet to redirect to https when https is used to access it.

Does that sound right?


> Security:  Need to be able to encrypt Hadoop socket connections
> ---------------------------------------------------------------
>
>                 Key: HADOOP-2239
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2239
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: dfs
>            Reporter: Allen Wittenauer
>
> We need to be able to use hadoop over hostile networks, both internally and externally
to the enterpise.  While authentication prevents unauthorized access, encryption should be
used to prevent such things as packet snooping across the wire.  This means that hadoop client
connections, distcp, etc, would use something such as SSL to protect the TCP/IP packets. 
Post-Kerberos, it would be useful to use something similar to NFS's krb5p option.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message