hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stuti Awasthi <stutiawas...@hcl.com>
Subject RE: Security in Hadoop-1.0.0
Date Tue, 14 Feb 2012 10:10:46 GMT
I found this link for HDFS-Proxy setup. It also includes configuration with LDAP but documentation
is for Hadoop 0.21. I am thinking of giving it a shot with Hadoop 1.0.0

Am I on correct path ?

-----Original Message-----
From: Stuti Awasthi 
Sent: Tuesday, February 14, 2012 1:48 PM
To: 'hdfs-user@hadoop.apache.org'
Subject: RE: Security in Hadoop-1.0.0

After some googling I found the following link :

But these mainly deals with applying LDAP for map-reduce. I want to configure LDAP for HDFS
as well as mapreduce. Please suggest me some links through which I can configure dfs with
LDP also.


-----Original Message-----
From: Stuti Awasthi
Sent: Tuesday, February 14, 2012 12:28 PM
To: hdfs-user@hadoop.apache.org
Subject: RE: Security in Hadoop-1.0.0

Thanks Patrick,

The concept is clear to me now. As a first step I would like to configure LDAP with Hadoop.
I am using Apache Hadoop 1.0.0 but not able to find configuration steps in this version documentation.
It would be really helpful if someone can point me to relevant documentation of configuring
this version of Hadoop with LDAP.


From: Patrick Angeles [mailto:patrickangeles@gmail.com]
Sent: Monday, February 13, 2012 8:29 PM
To: hdfs-user@hadoop.apache.org
Subject: Re: Security in Hadoop-1.0.0

LDAP and Kerberos are orthogonal in Hadoop, but both are often used together. LDAP allows
for centralized user/group management (sort of like DNS for your users). Kerberos is for strong
authentication of users.

When using Kerberos in Hadoop, you want to propagate user/group identities to all your cluster
nodes. (Otherwise, you might authenticate strongly, but your user ID doesn't exist in a Tasktracker
so your job fails.) LDAP happens to be a common way to do this.

Typically when you set up Kerberos, you also set up your cluster nodes to do LDAP authentication.
You do this setup at the operating system level (via PAM).

Note that you can also use Hue as your user-gateway to Hadoop. In this scenario, you can use
an LDAP backend to authenticate users. You do not have to (but can) configure Hadoop with

- P
On Mon, Feb 13, 2012 at 3:11 AM, Stuti Awasthi <stutiawasthi@hcl.com> wrote:
I am bit confused on Security part of Hadoop. Cluster is behind the firewall. I have read
that Hadoop can be configured with LDAP also.
I want to know which is better : configure Hadoop security with LDAP or Kerberos as both provide

Please provide me more details on this as I am newbee in this part.


-----Original Message-----
From: alo alt [mailto:wget.null@googlemail.com]
Sent: Monday, February 06, 2012 3:56 PM
To: hdfs-user@hadoop.apache.org
Subject: Re: Security in Hadoop-1.0.0

Kerberos tokens and lifetime:

Security in CDH3 (the same as hadoop)


Alexander Lorenz

On Feb 6, 2012, at 11:19 AM, Stuti Awasthi wrote:

> Hi all,
> I started looking into configure security in Hadoop-1.0.0 but do not find concrete documentation
on which kind of security is provided in this release and how to configure them.
> Currently I am following
> "http://hadoop.apache.org/common/docs/r1.0.0/" documentation
> As per knowledge, Proxy authentication and Kerberos security is provided in this release
of Hadoop. Please point me to some good documentation or give me some pointers from where
I can start this work.
> Thanks
> Stuti Awasthi
> ----------------------------------------------------------------------
> -------------------------------------------------
> The contents of this e-mail and any attachment(s) are confidential and intended for the
named recipient(s) only.
> It shall not attach any liability on the originator or HCL or its 
> affiliates. Any views or opinions presented in this email are solely those of the author
and may not necessarily reflect the opinions of HCL or its affiliates.
> Any form of reproduction, dissemination, copying, disclosure, 
> modification, distribution and / or publication of this message 
> without the prior written consent of the author of this e-mail is 
> strictly prohibited. If you have received this email in error please delete it and notify
the sender immediately. Before opening any mail and attachments please check them for viruses
and defect.
> ----------------------------------------------------------------------
> -------------------------------------------------

View raw message