hadoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arpit Agarwal <aagar...@hortonworks.com>
Subject Re: Authentication and security with hadoop
Date Wed, 13 Jul 2016 20:14:53 GMT
Hi Ravi,

Kerberos is the only supported mechanism for strong identity. Most Hadoop access controls
are easily bypassed without Kerberos authentication.

Kerberos setup can be difficult. Most Kerberos complications arise with multi-homed hosts
or if DNS/reverse DNS is broken. If you run into specific Kerberos operation issues you can
ask for answers on this DL.

Apache Hadoop 2.7.3 will have improved documentation on Kerberos setup. Meanwhile you can
find the updated docs here:
https://github.com/apache/hadoop/blob/branch-2.7.3/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md#Multihoming


From: ravi teja <raviorteja@gmail.com>
Date: Wednesday, July 13, 2016 at 5:46 AM
To: "user@hadoop.apache.org" <user@hadoop.apache.org>
Subject: Authentication and security with hadoop

Hi Community,

We wanted to have authentication on hadoop, means want to make sure the user is what he claims
to be and doesn't proxy another users using env variables.

From many links , I see that the default choice is kerberos with hadoop.
And as far i understand ,I see that ranger is more like a central place to manage the acls
on directories and it doesn't involve in authentication.

And the information online is pretty old, could get any latest information on the security
auth.

I wanted to know if there is other way than kerberos for providing this authentication layer?
Because kerberos had many operation problems while using with HDFS and now we no longer use
it.

Thanks in advance,
Ravi
Mime
View raw message