hadoop-mapreduce-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luke Lu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MAPREDUCE-2858) MRv2 WebApp Security
Date Thu, 18 Aug 2011 21:58:27 GMT
MRv2 WebApp Security

                 Key: MAPREDUCE-2858
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2858
             Project: Hadoop Map/Reduce
          Issue Type: Improvement
          Components: mrv2
    Affects Versions: 0.23.0
            Reporter: Luke Lu
            Assignee: Luke Lu
             Fix For: 0.23.0

In MRv2, while the system servers (ResourceManager (RM), NodeManager (NM) and NameNode (NN))
run as "trusted"
system users, the application masters (AM) run as users who submit the application. While
this offers great flexibility
to run multiple version of mapreduce frameworks (including their UI) on the same Hadoop cluster,
it has significant
implication for the security of webapps (Please do not discuss company specific vulnerabilities


0. Secure authentication for AM (for app/job level ACLs).
1. Webapp security should be optional via site configuration.
2. Support existing pluggable single sign on mechanisms.
3. Should not require per app/user configuration for deployment.
4. Should not require special site-wide DNS configuration for deployment.

This the top jira for webapp security. A design doc/notes of threat-modeling and counter measures
will be posted on the wiki.

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message