Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.0.0
Description
Currently, we distribute the hdfs headless principal to pretty much every single host in the cluster.
Since hdfs is a super user in HDFS, if any one of the hdfs keytabs are compromised on any host, the user can do anything on HDFS.
We need to revisit and see if we can restrict the number of hosts to which we distribute the hdfs headless keytab.
For example, we can perform necessary HDFS operations on one of the master hosts available, rather than picking an arbitrary client / slave hosts as we do today.
Also, we should look into not only hdfs headless keytabs but all other headless ones like hbase, storm, etc.
Attachments
Issue Links
- links to