hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug Cutting <cutt...@apache.org>
Subject Re: Design for security in Hadoop
Date Wed, 25 Mar 2009 09:49:08 GMT
Amandeep Khurana wrote:
> 1. The Jira covers only authentication using Kerberos. I dont think Kerberos
> is the best way to do it since I feel the scalability is limited. All keys
> have to be negotiated by the Kerberos server.

The design in HADOOP-4343 seeks to minimize the number of key 
negotiations.  Do you think that's insufficient?  If so, please add a 
comment on that issue.

> 2. The Jira doesnt have cover the access control aspect of things. As a
> client, I can skip talking to the NN and get blocks from the DN straight
> away. There is no way to prevent it. This paper takes care of that aspect as
> well.

The intent is that access to a block on a datanode will require 
authentication.  Currently it does not, but as security features are 
added this clearly must change.  HADOOP-4343 does not mention how this 
will be done, but I believe it must be implemented in the same timeframe 
as namenode authentication.

As Raghu said, the security design for Hadoop is far from complete and 
your contributions here are very welcome.

Doug


Mime
View raw message