Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-4343

Adding user and service-to-service authentication to Hadoop

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 0.20.203.0
    • None
    • None

    Description

      Currently, Hadoop services do not authenticate users or other services. As a result, Hadoop is subject to the following security risks.

      1. A user can access an HDFS or M/R cluster as any other user. This makes it impossible to enforce access control in an uncooperative environment. For example, file permission checking on HDFS can be easily circumvented.

      2. An attacker can masquerade as Hadoop services. For example, user code running on a M/R cluster can register itself as a new TaskTracker.

      This JIRA is intended to be a tracking JIRA, where we discuss requirements, agree on a general approach and identify subtasks. Detailed design and implementation are the subject of those subtasks.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            kzhang Kan Zhang
            kzhang Kan Zhang
            Votes:
            0 Vote for this issue
            Watchers:
            17 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment