hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raghu Angadi <rang...@yahoo-inc.com>
Subject Re: Design for security in Hadoop
Date Tue, 24 Mar 2009 22:29:18 GMT

I haven't looked into the proposal, but a meta comment:

I don't think there is a real reason for Hadoop to favor this design or 
only stay with HADOOP-4343 or another proposal at this state. It is 
healthy if we have different designs and implementation proceed 
independently. If you are willing to, I think you should proceed with a 
prototype so that others interested can play with. This is true not just 
for this feature, but many others as well.

This of course should not discourage others from reviewing your design.

Raghu.

Amandeep Khurana wrote:
> Bouncing the thread... Waiting to hear from people about the proposal.
> 
> 
> Amandeep Khurana
> Computer Science Graduate Student
> University of California, Santa Cruz
> 
> 
> On Fri, Mar 20, 2009 at 2:47 PM, Amandeep Khurana <amansk@gmail.com> wrote:
> 
>> 1. The Jira covers only authentication using Kerberos. I dont think
>> Kerberos is the best way to do it since I feel the scalability is limited.
>> All keys have to be negotiated by the Kerberos server. The design in the
>> paper has a little different protocol for authentication.
>>
>> 2. The Jira doesnt have cover the access control aspect of things. As a
>> client, I can skip talking to the NN and get blocks from the DN straight
>> away. There is no way to prevent it. This paper takes care of that aspect as
>> well.
>>
>>
>> Amandeep Khurana
>> Computer Science Graduate Student
>> University of California, Santa Cruz
>>
>>
>> On Fri, Mar 20, 2009 at 12:54 PM, Doug Cutting <cutting@apache.org> wrote:
>>
>>> Amandeep Khurana wrote:
>>>
>>>> http://www.soe.ucsc.edu/~akhurana/Hadoop_Security.pdf<http://www.soe.ucsc.edu/%7Eakhurana/Hadoop_Security.pdf>
>>>>
>>> How does this relate to the current proposal in Jira?
>>>
>>> https://issues.apache.org/jira/browse/HADOOP-4343
>>>
>>> Doug
>>>
>>
> 


Mime
View raw message