hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsz Wo (Nicholas), SZE (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (HADOOP-1701) Provide a security framework design
Date Wed, 22 Oct 2008 20:43:46 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tsz Wo (Nicholas), SZE resolved HADOOP-1701.
--------------------------------------------

    Resolution: Later

Seems that this won't be done in the near future.  Closing this as "Later".

> Provide a security framework design
> -----------------------------------
>
>                 Key: HADOOP-1701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1701
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>    Affects Versions: 0.15.0
>            Reporter: Tsz Wo (Nicholas), SZE
>         Attachments: 1701_20071109.patch
>
>
> Only provide a security framework as described below.  A simple implementation will be
provided in HADOOP-2229.
> h4._Previous Description_
> In HADOOP-1298, we want to add user information and permission to the file system.  It
requires an authentication service and a user management service.  We should provide a framework
and a simple implementation in issue and extend it later.  As discussed in HADOOP-1298, the
framework should be extensible and pluggable.
> - Extensible: possible to extend the framework to the other parts (e.g. map-reduce) of
Hadoop.
> - Pluggable: can easily switch security implementations.  Below is a diagram borrowed
from Java.
> !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
> - Implement a Hadoop authentication center (HAC).  In the first step, the mechanism of
HAC is very simple, it keeps track a list of usernames (we only support users, will work on
other principals later) in HAC and verify username in user login (yeah, no password).  HAC
can run inside NameNode or run as a stand alone server.   We will probably use Kerberos to
provide more sophisticated authentication service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message