Return-Path: Delivered-To: apmail-hadoop-common-user-archive@www.apache.org Received: (qmail 86103 invoked from network); 23 Jul 2009 05:17:53 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 23 Jul 2009 05:17:53 -0000 Received: (qmail 45721 invoked by uid 500); 23 Jul 2009 05:18:56 -0000 Delivered-To: apmail-hadoop-common-user-archive@hadoop.apache.org Received: (qmail 45633 invoked by uid 500); 23 Jul 2009 05:18:56 -0000 Mailing-List: contact common-user-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-user@hadoop.apache.org Delivered-To: mailing list common-user@hadoop.apache.org Received: (qmail 45623 invoked by uid 99); 23 Jul 2009 05:18:55 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Jul 2009 05:18:55 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ted.dunning@gmail.com designates 209.85.217.218 as permitted sender) Received: from [209.85.217.218] (HELO mail-gx0-f218.google.com) (209.85.217.218) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Jul 2009 05:18:48 +0000 Received: by gxk18 with SMTP id 18so1168907gxk.5 for ; Wed, 22 Jul 2009 22:18:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:content-type; bh=Dq4/R0du/yZZ4+zCnUL7EQxS9h6VOLkskpKWUMIfpVk=; b=fkp5hvwb5tLzDFiYXL0ys/0QwpkZGkf/gzSCNihmDe/QJlc5BQaJuywJ4pgrH4SRzd TwbMsIBASUMgEWajRKV1PDJn6YQ8bHvRyRIBPU3d4kppDCH7KoZS/zOaPDY4BWO8dlp5 AOI/I3iHb/OTidz07S8piDGUmIfKPyLfRDG5U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=wu6O5B9qkAP0ths4YqhOyB5h7SVUeYBEbd6/eQgl1hLBQmiRo+Z8UvyU9iox5YAO0W 7+7X0laXnhLj+ocoGUbJywc/6GsJUhZvkB5/1OwcP9Ykr69JUDxQTPT9k2dLQ0Yos8r6 LISeEFcMX/S66XYfHHTvV/11nIpBUageUnZzk= MIME-Version: 1.0 Received: by 10.150.136.12 with SMTP id j12mr2354491ybd.156.1248326307180; Wed, 22 Jul 2009 22:18:27 -0700 (PDT) In-Reply-To: <2AAFC2B9E4C5DC4F859F154FB664CF5F061A86C3@EVSBNG01.ad.office.aol.com> References: <2AAFC2B9E4C5DC4F859F154FB664CF5F061A86C3@EVSBNG01.ad.office.aol.com> From: Ted Dunning Date: Wed, 22 Jul 2009 22:18:07 -0700 Message-ID: Subject: Re: Remote access to cluster using user as hadoop To: common-user@hadoop.apache.org Content-Type: multipart/alternative; boundary=000e0cd5d0001a8604046f589e5e X-Virus-Checked: Checked by ClamAV on apache.org --000e0cd5d0001a8604046f589e5e Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Do not allow direct access to the hadoop cluster from untrusted machines. Also, until further security measures are implemented, hadoop trusts the origin machine and library to identify the user correctly. Soon there will be a better level of authentication, but for now that is it. This works out fine in almost all hadoop installations. Hadoop was intended to be a batch system that runs large-scale back end processes in a trusted environment and it fits that role very well. It is slowly being outfitted so as to be more suitable for exposure to the real world, but it is a slow process. On Wed, Jul 22, 2009 at 9:49 PM, Palleti, Pallavi < pallavi.palleti@corp.aol.com> wrote: > Could someone explain me if there is a way to avoid these kind > of scenarios? Otherwise, what should be the best practice? > -- Ted Dunning, CTO DeepDyve --000e0cd5d0001a8604046f589e5e--