Return-Path: Delivered-To: apmail-hadoop-core-dev-archive@www.apache.org Received: (qmail 64704 invoked from network); 4 Oct 2008 01:56:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Oct 2008 01:56:11 -0000 Received: (qmail 52415 invoked by uid 500); 4 Oct 2008 01:56:03 -0000 Delivered-To: apmail-hadoop-core-dev-archive@hadoop.apache.org Received: (qmail 52390 invoked by uid 500); 4 Oct 2008 01:56:03 -0000 Mailing-List: contact core-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: core-dev@hadoop.apache.org Delivered-To: mailing list core-dev@hadoop.apache.org Received: (qmail 52379 invoked by uid 99); 4 Oct 2008 01:56:03 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Oct 2008 18:56:03 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Oct 2008 01:55:09 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 30BCE234C20F for ; Fri, 3 Oct 2008 18:55:44 -0700 (PDT) Message-ID: <785548514.1223085344192.JavaMail.jira@brutus> Date: Fri, 3 Oct 2008 18:55:44 -0700 (PDT) From: "Kan Zhang (JIRA)" To: core-dev@hadoop.apache.org Subject: [jira] Created: (HADOOP-4343) Adding user and service-to-service authentication to Hadoop MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Adding user and service-to-service authentication to Hadoop ----------------------------------------------------------- Key: HADOOP-4343 URL: https://issues.apache.org/jira/browse/HADOOP-4343 Project: Hadoop Core Issue Type: New Feature Reporter: Kan Zhang Assignee: Kan Zhang Fix For: 0.20.0 Currently, Hadoop services do not authenticate users or other services. As a result, Hadoop is subject to the following security risks. 1. A user can access an HDFS or M/R cluster as any other user. This makes it impossible to enforce access control in an uncooperative environment. For example, file permission checking on HDFS can be easily circumvented. 2. An attacker can masquerade as Hadoop services. For example, user code running on a M/R cluster can register itself as a new TaskTracker. This JIRA is intended to be a tracking JIRA, where we discuss requirements, agree on a general approach and identify subtasks. Detailed design and implementation are the subject of those subtasks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.