hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Created: (HADOOP-4343) Adding user and service-to-service authentication to Hadoop
Date Sat, 04 Oct 2008 01:55:44 GMT
Adding user and service-to-service authentication to Hadoop
-----------------------------------------------------------

                 Key: HADOOP-4343
                 URL: https://issues.apache.org/jira/browse/HADOOP-4343
             Project: Hadoop Core
          Issue Type: New Feature
            Reporter: Kan Zhang
            Assignee: Kan Zhang
             Fix For: 0.20.0


Currently, Hadoop services do not authenticate users or other services. As a result, Hadoop
is subject to the following security risks.

1. A user can access an HDFS or M/R cluster as any other user. This makes it impossible to
enforce access control in an uncooperative environment. For example, file permission checking
on HDFS can be easily circumvented.

2. An attacker can masquerade as Hadoop services. For example, user code running on a M/R
cluster can register itself as a new TaskTracker.

This JIRA is intended to be a tracking JIRA, where we discuss requirements, agree on a general
approach and identify subtasks. Detailed design and implementation are the subject of those
subtasks.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message