hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Douglas (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HADOOP-2239) Security: Need to be able to encrypt Hadoop socket connections
Date Sat, 01 Mar 2008 01:06:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-2239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chris Douglas updated HADOOP-2239:
----------------------------------

    Attachment: 2239-1.patch

This patch adds some documentation, per Nicholas's recommendation. It does not include any
test cases, as the requirements for configuring ssl are somewhat onerous and- in my limited
experience- not amenable to automation in a test case. Lacking certs, it was tested with Firefox
and appears correct. The passwords are stored in a config file, which is regrettable, but
the resource storing them need only be on the classpath. Getting this information is out-of-band
as it is, and an auxiliary config file seemed the most expedient and mostly-correct option
available. For Right Now(tm), it should suffice.

> Security:  Need to be able to encrypt Hadoop socket connections
> ---------------------------------------------------------------
>
>                 Key: HADOOP-2239
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2239
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: dfs
>            Reporter: Allen Wittenauer
>             Fix For: 0.17.0
>
>         Attachments: 2239-0.patch, 2239-1.patch
>
>
> We need to be able to use hadoop over hostile networks, both internally and externally
to the enterpise.  While authentication prevents unauthorized access, encryption should be
used to prevent such things as packet snooping across the wire.  This means that hadoop client
connections, distcp, etc, would use something such as SSL to protect the TCP/IP packets. 
Post-Kerberos, it would be useful to use something similar to NFS's krb5p option.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message