hadoop-common-user mailing list archives

From "Jason Rutherglen" <jason.rutherg...@gmail.com>
Subject Re: Question about Hadoop's Feature(s)
Date Tue, 30 Sep 2008 13:33:46 GMT
> However, HDFS uses HTTP to serve blocks up - that needs to be locked down
> too. Would the signing work there?

I am not familiar with HDFS over HTTP.  Could it simply sign the
stream and include the signature at the end of the HTTP message
returned?

On Tue, Sep 30, 2008 at 8:56 AM, Steve Loughran <stevel@apache.org> wrote:
> Jason Rutherglen wrote:
>>
>> I implemented an RMI protocol using Hadoop IPC and implemented basic
>> HMAC signing.  It is, I believe, faster than public key/private key
>> because it uses a secret key and does not require public key
>> provisioning like PKI would.  Perhaps it would be a baseline way to
>> sign the data.
>
> That should work for authenticating messages between (trusted) nodes.
> Presumably the ipc.key value could be set in the Conf and all would be well.
>
> External job submitters shouldn't be given those keys; they'd need an
> HTTP(S) front end that could authenticate them however the organisation
> worked.
>
> Yes, that would be simpler. I am not enough of a security expert to say if
> it will work, but the keys should be easier to work with. As long as the
> configuration files are kept secure, your cluster will be locked.
>
> However, HDFS uses HTTP to serve blocks up - that needs to be locked down
> too. Would the signing work there?
>
> -steve
>
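
Added example (not part of the thread and not Hadoop code): a sketch of the idea raised above of signing a stream with a shared secret and putting the signature at the end of the message, so the receiver detects tampering or truncation. The class and method names, the HmacSHA256 choice, the key and the block data are all assumptions constructed for illustration; the thread only says "HMAC" and "ipc.key".

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class SignedStreamDemo {  // hypothetical class, not Hadoop code
    static final String ALG = "HmacSHA256";  // assumption: the thread only says "HMAC"
    static final int TAG_LEN = 32;           // HMAC-SHA256 output size in bytes
    static Mac newMac(byte[] key) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        return mac;
    }
    // Sender: stream the body out in chunks, updating the MAC as it goes,
    // then append the tag as a trailer so nothing has to be buffered.
    static void writeSigned(InputStream body, OutputStream out, byte[] key) throws Exception {
        Mac mac = newMac(key);
        byte[] buf = new byte[4096];
        for (int n; (n = body.read(buf)) != -1; ) {
            mac.update(buf, 0, n);
            out.write(buf, 0, n);
        }
        out.write(mac.doFinal());
    }

    // Receiver: the last TAG_LEN bytes are the tag. With a trailing signature,
    // no byte of the body can be trusted until the whole message has arrived.
    static byte[] readVerified(byte[] msg, byte[] key) throws Exception {
        int bodyLen = msg.length - TAG_LEN;
        if (bodyLen < 0) throw new SecurityException("shorter than an HMAC tag");
        Mac mac = newMac(key);
        mac.update(msg, 0, bodyLen);
        byte[] sent = Arrays.copyOfRange(msg, bodyLen, msg.length);
        if (!MessageDigest.isEqual(mac.doFinal(), sent))  // constant-time compare
            throw new SecurityException("HMAC mismatch");
        return Arrays.copyOf(msg, bodyLen);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        writeSigned(new ByteArrayInputStream("constructed block data".getBytes(StandardCharsets.UTF_8)), wire, key);
        byte[] msg = wire.toByteArray();
        System.out.println(new String(readVerified(msg, key), StandardCharsets.UTF_8));
        try { readVerified(Arrays.copyOf(msg, msg.length - 5), key); }  // truncated in transit
        catch (SecurityException e) { System.out.println("truncated: " + e.getMessage()); }
    }
}
```

The tag covers only the body bytes; anything else the receiver relies on (block id, offset, a timestamp to limit replay) would have to be fed into the MAC as well.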
