Return-Path: Delivered-To: apmail-hadoop-core-dev-archive@www.apache.org Received: (qmail 68682 invoked from network); 24 Oct 2008 02:06:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 24 Oct 2008 02:06:41 -0000 Received: (qmail 67906 invoked by uid 500); 24 Oct 2008 02:06:38 -0000 Delivered-To: apmail-hadoop-core-dev-archive@hadoop.apache.org Received: (qmail 67876 invoked by uid 500); 24 Oct 2008 02:06:38 -0000 Mailing-List: contact core-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: core-dev@hadoop.apache.org Delivered-To: mailing list core-dev@hadoop.apache.org Received: (qmail 67865 invoked by uid 99); 24 Oct 2008 02:06:38 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Oct 2008 19:06:38 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Oct 2008 02:05:35 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 62FB3234C24A for ; Thu, 23 Oct 2008 19:05:44 -0700 (PDT) Message-ID: <436633449.1224813944404.JavaMail.jira@brutus> Date: Thu, 23 Oct 2008 19:05:44 -0700 (PDT) From: "Sanjay Radia (JIRA)" To: core-dev@hadoop.apache.org Subject: [jira] Commented: (HADOOP-4348) Adding service-level authorization to Hadoop In-Reply-To: <1560154647.1223237144145.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12642365#action_12642365 ] Sanjay Radia commented on HADOOP-4348: -------------------------------------- Doug> My initial comments were a response to the patch, not an architectural treaty. Let's keep things grounded in code. If someone wants to re-architect RPC in this patch, that's fine. But until then, we need to decide how to fit the desired feature into the existing code while making the least mess. If someone can contribute a patch which implements this feature as cleanly and simply at the IPC level alone as I think it can be done at the RPC level that'd be great. Sorry I misunderstood you earlier. I though you were opposed to putting the service level authorization in the ipc layer even if it is doable. I agree it belongs in one layer not two. Also agree with you that if we cannot cleanly do this in the ipc layer then the rpc-level is the way to go. As I noted earlier I think Arun's patch can be modified easily to move everything to the ipc layer: >The problem is that this patch stores a pointer to the authorization manager in the rpc layer (at rpc end-point creation time), > It would be better to >let the ipc layer store this pointer. Then everything would happen in the ipc layer which is the correct place to do it. Arun would my suggestion work or I am being naive? > Adding service-level authorization to Hadoop > -------------------------------------------- > > Key: HADOOP-4348 > URL: https://issues.apache.org/jira/browse/HADOOP-4348 > Project: Hadoop Core > Issue Type: New Feature > Reporter: Kan Zhang > Assignee: Arun C Murthy > Fix For: 0.20.0 > > Attachments: HADOOP-4348_0_20081022.patch, jaas_service_v1.patch > > > Service-level authorization is the initial checking done by a Hadoop service to find out if a connecting client is a pre-defined user of that service. If not, the connection or service request will be declined. This feature allows services to limit access to a clearly defined group of users. For example, service-level authorization allows "world-readable" files on a HDFS cluster to be readable only by the pre-defined users of that cluster, not by anyone who can connect to the cluster. It also allows a M/R cluster to define its group of users so that only those users can submit jobs to it. > Here is an initial list of requirements I came up with. > 1. Users of a cluster is defined by a flat list of usernames and groups. A client is a user of the cluster if and only if her username is listed in the flat list or one of her groups is explicitly listed in the flat list. Nested groups are not supported. > 2. The flat list is stored in a conf file and pushed to every cluster node so that services can access them. > 3. Services will monitor the modification of the conf file periodically (5 mins interval by default) and reload the list if needed. > 4. Checking against the flat list is done as early as possible and before any other authorization checking. Both HDFS and M/R clusters will implement this feature. > 5. This feature can be switched off and is off by default. > I'm aware of interests in pulling user data from LDAP. For this JIRA, I suggest we implement it using a conf file. Additional data sources may be supported via new JIRA's. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.