hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Koert Kuipers <ko...@tresata.com>
Subject Re: kerberos for outside threads
Date Wed, 22 Jan 2014 02:09:10 GMT
Hey Haohui,
Thanks for responding. I understand that I can disable security. I am
wondering if I should in this situation. Or to turn the question around: is
there a significant benefit to turning security on here?
On Jan 21, 2014 8:26 PM, "Haohui Mai" <hmai@hortonworks.com> wrote:

> Hi Koert,
>
> I'm wondering what is the end-to-end goal you want to achieve.
>
> You can disable security in Hadoop, where the cluster does not perform
> additional authentication. Obviously you can go without kerberos in this
> case and protect your clusters with other measures you've mentioned.
>
> Alternatively, you can enable security without kerberos by plugging in
> your own authentication filter.
>
> ~Haohui
>
>
>
>
> On Tue, Jan 21, 2014 at 4:45 PM, Koert Kuipers <koert@tresata.com> wrote:
>
>> i understand kerberos is used on hadoop to provide security in a
>> multi-user environment, and i can totally see its usage for a shared
>> cluster within a company to make sure sensitive data for one department is
>> safe from prying eyes of another department.
>>
>> but for a hadoop cluster that sits "behind" a bunch of web servers to do
>> say log analysis, and that already is protected by standard measures (no
>> route to cluster from outside, so a web server would have to get
>> compromised to gain access), is there any value in securing it with
>> kerberos? does anyone do that?
>>
>
>
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity
> to which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.

Mime
View raw message