hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jakob Homan (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HDFS-1150) Verify datanodes' identities to clients in secure clusters
Date Fri, 14 May 2010 23:41:44 GMT

    [ https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12867736#action_12867736
] 

Jakob Homan commented on HDFS-1150:
-----------------------------------

bq. It appears the assumption is that the attacker won't be able to get root privileges. 
This is indeed an assumption we've had for all the security work.  Should one get root, they
can get krb keytabs and at that point, game's over. This approach doesn't fix that assumption,
but is consistent with it.

> Verify datanodes' identities to clients in secure clusters
> ----------------------------------------------------------
>
>                 Key: HDFS-1150
>                 URL: https://issues.apache.org/jira/browse/HDFS-1150
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: data-node
>    Affects Versions: 0.22.0
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>         Attachments: HDFS-1150-y20.build-script.patch, HDFS-1150-Y20S-ready-5.patch,
HDFS-1150-Y20S-ready-6.patch, HDFS-1150-Y20S-ready-7.patch, HDFS-1150-Y20S-ready-8.patch,
HDFS-1150-Y20S-Rough-2.patch, HDFS-1150-Y20S-Rough-3.patch, HDFS-1150-Y20S-Rough-4.patch,
HDFS-1150-Y20S-Rough.txt
>
>
> Currently we use block access tokens to allow datanodes to verify clients' identities,
however we don't have a way for clients to verify the authenticity of the datanodes themselves.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message