[HADOOP-10651] Add ability to restrict service access using IP addresses and hostnames - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.0
Fix Version/s: 2.7.0
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed

Description

In some use cases, it make sense to authorize the usage of some services only from specific hosts. Just like ACLS for Service Authorization , there can be a list of hosts for each service and this list can be checked during authorization.

Similar to ACLS, there can be a whitelist of ip and blacklist of ips. The default whitelist will be * and default blacklist will be empty. It should be possible to override the default whitelist and default blacklist. It should be possible to define whitelist and blacklist per service.
It should be possible to define ip ranges in blacklists and whitelists

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-10651.patch
07/Jan/15 22:38
21 kB
Benoy Antony
HADOOP-10651.patch
30/Aug/14 05:57
16 kB
Benoy Antony
HADOOP-10651.patch
01/Jul/14 01:45
16 kB
Benoy Antony

Issue Links

depends upon

HADOOP-10649 Allow overriding the default ACL for service authorization

Closed

HADOOP-10650 Add ability to specify a reverse ACL (black list) of users and groups

Closed

is depended upon by

HADOOP-10654 Support pluggable mechanism to specify Service Authorization

Open

HADOOP-10679 Authorize webui access using ServiceAuthorizationManager

Patch Available

is related to

HADOOP-14702 Fix formatting issue and regression caused by conversion from APT to Markdown

Resolved

requires

HADOOP-10565 Support IP ranges (CIDR) in proxyuser.hosts

Closed

(1 requires)

Activity

People

Assignee:: Benoy Antony

Reporter:: Benoy Antony

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 02/Jun/14 01:47

Updated:: 31/Jul/17 09:30

Resolved:: 08/Jan/15 18:12