Return-Path: X-Original-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org Delivered-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 019881153D for ; Wed, 13 Aug 2014 07:16:36 +0000 (UTC) Received: (qmail 54431 invoked by uid 500); 13 Aug 2014 07:16:30 -0000 Delivered-To: apmail-hadoop-mapreduce-user-archive@hadoop.apache.org Received: (qmail 54316 invoked by uid 500); 13 Aug 2014 07:16:30 -0000 Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@hadoop.apache.org Delivered-To: mailing list user@hadoop.apache.org Received: (qmail 54306 invoked by uid 99); 13 Aug 2014 07:16:30 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Aug 2014 07:16:30 +0000 X-ASF-Spam-Status: No, hits=-2.8 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_HI,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of yi.a.liu@intel.com designates 192.55.52.115 as permitted sender) Received: from [192.55.52.115] (HELO mga14.intel.com) (192.55.52.115) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Aug 2014 07:16:03 +0000 Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga103.fm.intel.com with ESMTP; 13 Aug 2014 00:08:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.01,855,1400050800"; d="scan'208,217";a="575977301" Received: from fmsmsx104.amr.corp.intel.com ([10.19.9.35]) by fmsmga001.fm.intel.com with ESMTP; 13 Aug 2014 00:16:00 -0700 Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by FMSMSX104.amr.corp.intel.com (10.19.9.35) with Microsoft SMTP Server (TLS) id 14.3.195.1; Wed, 13 Aug 2014 00:16:00 -0700 Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS) id 14.3.195.1; Wed, 13 Aug 2014 00:16:00 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.219]) by shsmsx102.ccr.corp.intel.com ([169.254.2.246]) with mapi id 14.03.0195.001; Wed, 13 Aug 2014 15:15:59 +0800 From: "Liu, Yi A" To: "user@hadoop.apache.org" Subject: RE: Implementing security in hadoop Thread-Topic: Implementing security in hadoop Thread-Index: Ac+2wET6DVMhTHKdSuOEjQdrz/lfIAABR7UQ Date: Wed, 13 Aug 2014 07:15:57 +0000 Message-ID: <0ACA11997C562042A7FDB41B0D58461001AF2F46@SHSMSX103.ccr.corp.intel.com> References: <969B118F8FF0104281DFF098C3347540625DA2BB09@PUNINMSMBX01.puneodc.lntinfotech.com> In-Reply-To: <969B118F8FF0104281DFF098C3347540625DA2BB09@PUNINMSMBX01.puneodc.lntinfotech.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: multipart/alternative; boundary="_000_0ACA11997C562042A7FDB41B0D58461001AF2F46SHSMSX103ccrcor_" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org --_000_0ACA11997C562042A7FDB41B0D58461001AF2F46SHSMSX103ccrcor_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Chhaya, >>> I have looked into Kerboroes but it doesn't provide encryption for data= already residing in HDFS. For encryption for data, I suppose you mean data at rest encryption (*not* = encryption for data transport which is already supported), this feature is = still under development and close to completion. Regards, Yi Liu From: Chhaya Vishwakarma [mailto:Chhaya.Vishwakarma@lntinfotech.com] Sent: Wednesday, August 13, 2014 2:32 PM To: user@hadoop.apache.org Subject: Implementing security in hadoop Hi, I'm trying to implement security on my hadoop data. I'm using Cloudera hado= op Below are the two specific things I'm looking for 1. Role based authorization and authentication 2. Encryption on data residing in HDFS I have looked into Kerboroes but it doesn't provide encryption for data alr= eady residing in HDFS. Are there any other security tools i can go for? has anyone done above two = security features in cloudera hadoop. Please suggest Regards, Chhaya Vishwakarma ________________________________ The contents of this e-mail and any attachment(s) may contain confidential = or privileged information for the intended recipient(s). Unintended recipie= nts are prohibited from taking action on the basis of information in this e= -mail and using or disseminating the information, and must notify the sende= r and delete it from their system. L&T Infotech will not accept responsibil= ity or liability for the accuracy or completeness of, or the presence of an= y virus or disabling code in this e-mail" --_000_0ACA11997C562042A7FDB41B0D58461001AF2F46SHSMSX103ccrcor_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Chhaya,<= /span>

>>> I have looked into Kerboroes but it doesn'= t provide encryption for data already residing in HDFS.

For encryption for dat= a, I suppose you mean data at rest encryption (*not* encryption for data tr= ansport which is already supported), this feature is still under developmen= t and close to completion.

 

Regards,

Yi Liu<= o:p>

 

From: Chhaya V= ishwakarma [mailto:Chhaya.Vishwakarma@lntinfotech.com]
Sent: Wednesday, August 13, 2014 2:32 PM
To: user@hadoop.apache.org
Subject: Implementing security in hadoop

 

Hi,

I'm trying to implement security on my hadoop data. I'm using Cloudera h= adoop

Below are the two specific things I'm looking for

1. Role based authorization and authentication

2. Encryption on data residing in HDFS

I have looked into Kerboroes but it doesn't provide encryption for data = already residing in HDFS.

Are there any other security tools i can go for? has anyone done above t= wo security features in cloudera hadoop.

Please suggest

 

 

Regards,

Chhaya Vishwakarma

 

 

The contents of this e-mail a= nd any attachment(s) may contain confidential or privileged information for= the intended recipient(s). Unintended recipients are prohibited from taking action on the basis of information in this e-mail and using or= disseminating the information, and must notify the sender and delete it fr= om their system. L&T Infotech will not accept responsibility or liabili= ty for the accuracy or completeness of, or the presence of any virus or disabling code in this e-mail"

--_000_0ACA11997C562042A7FDB41B0D58461001AF2F46SHSMSX103ccrcor_--