hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kan Zhang <...@yahoo-inc.com>
Subject Re: Design for security in Hadoop
Date Wed, 25 Mar 2009 20:04:25 GMT



On 3/25/09 12:15 PM, "Amandeep Khurana" <amansk@gmail.com> wrote:

> On Wed, Mar 25, 2009 at 2:49 AM, Doug Cutting <cutting@apache.org> wrote:
> 
>> Amandeep Khurana wrote:
>> 
>>> 1. The Jira covers only authentication using Kerberos. I dont think
>>> Kerberos
>>> is the best way to do it since I feel the scalability is limited. All keys
>>> have to be negotiated by the Kerberos server.
>>> 
>> 
>> The design in HADOOP-4343 seeks to minimize the number of key negotiations.
>>  Do you think that's insufficient?  If so, please add a comment on that
>> issue.
> 
> 
> The NN doing key negotiations is fundamentally not feasible. Thats the
> limitation of Kerberos and there's only a certain degree to which it can be
> optimized. The design I proposed in the paper is a little different from
> Kerberos, where the clients negotiate the keys. This frees up the NN from
> the responsibility to do this task.
> 
You've lost me. What are you referring to when you say key negotiations? As
far as I read from your paper, you didn't propose anything new for the
authentication between NN and the user, simply mentioning it will be a
Kerberos like protocol. If you are referring to those capabilities for
accessing DN, those are issued by NN, right?

Kan


Mime
View raw message