hadoop-common-dev mailing list archives

From "Segel, Mike" <mse...@navteq.com>
Subject RE: Hadoop Security
Date Mon, 22 Feb 2010 15:18:47 GMT

Sorry for jumping in to this late, but has anyone thought about how this could be extended
into HBase?
I realize this is Hadoop security, but eventually HBase and other apps that sit on top of
Hadoop will have to deal with security issues too.

I'm not suggesting that a solution be worked out now, but that the solution for Hadoop can
be extended to cover the apps that sit on top of Hadoop. 



-----Original Message-----
From: Owen O'Malley [mailto:omalley@apache.org] 
Sent: Sunday, February 21, 2010 4:02 PM
To: common-dev@hadoop.apache.org
Subject: Re: Hadoop Security

On Feb 17, 2010, at 9:57 PM, gscse@tce.edu wrote:

> Analyzed that Kerberos can be used for user authentication. When the
> user wants to submit a job he/she can get delegation token followed by
> block access token to access data from HDFS. So the client is overloaded
> with initial 2 tickets (Kerberos) TGT (Ticket Granting Ticket), ST (service
> ticket) followed by delegation token and block access token. Is that
> right??

When the user logs in to the system, they get a TGT. When they want to  
submit a job, they'll get two service tickets (one for the Name Node  
and one for the Job Tracker). They will get a delegation token from  
the NameNode and include that as part of the job. So in total,  
submitting a job should only take those 2 interactions with the  
Kerberos KDC.

-- Owen
