Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Later
    • Affects Version/s: 0.15.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Only provide a security framework as described below. A simple implementation will be provided in HADOOP-2229.

      Previous Description

      In HADOOP-1298, we want to add user information and permission to the file system. It requires an authentication service and a user management service. We should provide a framework and a simple implementation in issue and extend it later. As discussed in HADOOP-1298, the framework should be extensible and pluggable.

      • Extensible: possible to extend the framework to the other parts (e.g. map-reduce) of Hadoop.
      • Pluggable: can easily switch security implementations. Below is a diagram borrowed from Java.

      • Implement a Hadoop authentication center (HAC). In the first step, the mechanism of HAC is very simple, it keeps track a list of usernames (we only support users, will work on other principals later) in HAC and verify username in user login (yeah, no password). HAC can run inside NameNode or run as a stand alone server. We will probably use Kerberos to provide more sophisticated authentication service.
      1. 1701_20071109.patch
        16 kB
        Tsz Wo Nicholas Sze

        Issue Links

          Activity

          Tsz Wo Nicholas Sze created issue -
          Tsz Wo Nicholas Sze made changes -
          Field Original Value New Value
          Link This issue relates to HADOOP-1298 [ HADOOP-1298 ]
          Tsz Wo Nicholas Sze made changes -
          Link This issue is related to HADOOP-1298 [ HADOOP-1298 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070809.patch [ 12363555 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070809.patch [ 12363555 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070813.patch [ 12363732 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070813.patch [ 12363732 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070813b.patch [ 12363739 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070813b.patch [ 12363739 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070813c.patch [ 12363743 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment users.txt [ 12363744 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070813c.patch [ 12363743 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070815.patch [ 12363900 ]
          Tsz Wo Nicholas Sze made changes -
          Link This issue blocks HADOOP-1741 [ HADOOP-1741 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070815.patch [ 12363900 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment users.txt [ 12363744 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070821framework.patch [ 12364257 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070822.pdf [ 12364352 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070822.pdf [ 12364352 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070821framework.patch [ 12364257 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070822framework.patch [ 12364362 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070822framework.patch [ 12364362 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070822b_framework.patch [ 12364370 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070822b.pdf [ 12364372 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070822b_framework.patch [ 12364370 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070823framework.patch [ 12364445 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070823framework.patch [ 12364445 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070827framework.patch [ 12364631 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070827framework.patch [ 12364631 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070827b_framework.patch [ 12364643 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070822b.pdf [ 12364372 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070827.pdf [ 12364654 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070827b_framework.patch [ 12364643 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070827c_framework.patch [ 12364655 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070827.pdf [ 12364654 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070828.pdf [ 12364698 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment design20070828.pdf [ 12364699 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment simple20070828.patch [ 12364700 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20070827c_framework.patch [ 12364655 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment design20070828.pdf [ 12364699 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment guides20070828.pdf [ 12364698 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment simple20070828.patch [ 12364700 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20071009api.patch [ 12367397 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20071009api.patch [ 12367397 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20071109.patch [ 12369257 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20071109.patch [ 12369257 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 1701_20071109.patch [ 12369260 ]
          Tsz Wo Nicholas Sze made changes -
          Link This issue blocks HADOOP-2184 [ HADOOP-2184 ]
          Tsz Wo Nicholas Sze made changes -
          Summary Provide a simple authentication service and a user management service Provide a security framework design
          Fix Version/s 0.16.0 [ 12312740 ]
          Description In HADOOP-1298, we want to add user information and permission to the file system. It requires an authentication service and a user management service. We should provide a framework and a simple implementation in issue and extend it later. As discussed in HADOOP-1298, the framework should be extensible and pluggable.

          - Extensible: possible to extend the framework to the other parts (e.g. map-reduce) of Hadoop.

          - Pluggable: can easily switch security implementations. Below is a diagram borrowed from Java.

          !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!

          - Implement a Hadoop authentication center (HAC). In the first step, the mechanism of HAC is very simple, it keeps track a list of usernames (we only support users, will work on other principals later) in HAC and verify username in user login (yeah, no password). HAC can run inside NameNode or run as a stand alone server. We will probably use Kerberos to provide more sophisticated authentication service.
          Only provide a security framework as described below. A simple implementation will be provided in HADOOP-2229.

          h4._Previous Description_
          In HADOOP-1298, we want to add user information and permission to the file system. It requires an authentication service and a user management service. We should provide a framework and a simple implementation in issue and extend it later. As discussed in HADOOP-1298, the framework should be extensible and pluggable.

          - Extensible: possible to extend the framework to the other parts (e.g. map-reduce) of Hadoop.

          - Pluggable: can easily switch security implementations. Below is a diagram borrowed from Java.

          !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!

          - Implement a Hadoop authentication center (HAC). In the first step, the mechanism of HAC is very simple, it keeps track a list of usernames (we only support users, will work on other principals later) in HAC and verify username in user login (yeah, no password). HAC can run inside NameNode or run as a stand alone server. We will probably use Kerberos to provide more sophisticated authentication service.
          Affects Version/s 0.15.0 [ 12312565 ]
          Tsz Wo Nicholas Sze made changes -
          Link This issue blocks HADOOP-2229 [ HADOOP-2229 ]
          Tsz Wo Nicholas Sze made changes -
          Link This issue blocks HADOOP-2229 [ HADOOP-2229 ]
          Tsz Wo Nicholas Sze made changes -
          Link This issue blocks HADOOP-2229 [ HADOOP-2229 ]
          Hairong Kuang made changes -
          Link This issue blocks HADOOP-2229 [ HADOOP-2229 ]
          Raghu Angadi made changes -
          Link This issue blocks HADOOP-2184 [ HADOOP-2184 ]
          Robert Chansler made changes -
          Component/s dfs [ 12310710 ]
          Nigel Daley made changes -
          Fix Version/s 0.16.0 [ 12312740 ]
          Tsz Wo Nicholas Sze made changes -
          Assignee Tsz Wo (Nicholas), SZE [ szetszwo ]
          Tsz Wo Nicholas Sze made changes -
          Resolution Later [ 7 ]
          Status Open [ 1 ] Resolved [ 5 ]
          Nigel Daley made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Owen O'Malley made changes -
          Component/s dfs [ 12310710 ]
          Gavin made changes -
          Link This issue blocks HADOOP-1741 [ HADOOP-1741 ]
          Gavin made changes -
          Link This issue is depended upon by HADOOP-1741 [ HADOOP-1741 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              Tsz Wo Nicholas Sze
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development