hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajiv Chittajallu (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-7119) add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT web-consoles
Date Sat, 05 Feb 2011 22:33:30 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991076#comment-12991076
] 

Rajiv Chittajallu commented on HADOOP-7119:
-------------------------------------------

bq (when I reviewed the security work last summer I found several root exploits and data confidentiality
exploits that the Y paranoids missed in their review.)

Yahoo! central paranoid team reviewed the architecture. Not the code. The community is responsible
of the code. Trust on the code base builds on how active the community is reviewing the code
and fixing it. Its based on javax.security.sasl and any extensions are added in Hadoop but
not released as an external component.

Right now there isn't an http.filter of web consoles. The patch provides one. Its probably
might be acceptable to others in adding this to contrib.

> add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT web-consoles
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-7119
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7119
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.23.0
>         Environment: all
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: ha-common-01.patch, ha-common-02.patch, ha-commons.patch
>
>
> Currently the JT/NN/DN/TT web-consoles don't support any form of authentication.
> Hadoop RPC API already supports Kerberos authentication.
> Kerberos enables single sign-on.
> Popular browsers (Firefox and Internet Explorer) have support for Kerberos HTTP SPNEGO.
> Adding support for Kerberos HTTP SPNEGO to Hadoop web consoles would provide a unified
authentication mechanism and single sign-on for Hadoop web UI and Hadoop RPC.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message