hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amandeep Khurana <ama...@gmail.com>
Subject Re: Design for security in Hadoop
Date Wed, 25 Mar 2009 19:15:05 GMT
On Wed, Mar 25, 2009 at 2:49 AM, Doug Cutting <cutting@apache.org> wrote:

> Amandeep Khurana wrote:
>> 1. The Jira covers only authentication using Kerberos. I dont think
>> Kerberos
>> is the best way to do it since I feel the scalability is limited. All keys
>> have to be negotiated by the Kerberos server.
> The design in HADOOP-4343 seeks to minimize the number of key negotiations.
>  Do you think that's insufficient?  If so, please add a comment on that
> issue.

The NN doing key negotiations is fundamentally not feasible. Thats the
limitation of Kerberos and there's only a certain degree to which it can be
optimized. The design I proposed in the paper is a little different from
Kerberos, where the clients negotiate the keys. This frees up the NN from
the responsibility to do this task.

>  2. The Jira doesnt have cover the access control aspect of things. As a
>> client, I can skip talking to the NN and get blocks from the DN straight
>> away. There is no way to prevent it. This paper takes care of that aspect
>> as
>> well.
> The intent is that access to a block on a datanode will require
> authentication.  Currently it does not, but as security features are added
> this clearly must change.  HADOOP-4343 does not mention how this will be
> done, but I believe it must be implemented in the same timeframe as namenode
> authentication.


> As Raghu said, the security design for Hadoop is far from complete and your
> contributions here are very welcome.

Got that.

> Doug

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message