Hi, Sorry for jumping in to this late, but has anyone thought about how this could be extended in to HBase? I realize this is Hadoop security, but eventually HBase and other apps that sit on top of hadoop will have to deal with security issues too.
I'm not suggesting that a solution be worked out now, but that the solution for Hadoop can be extended to cover the apps that sit on top of Hadoop. Thx -Mike -----Original Message----- From: Owen O'Malley [mailto:omal...@apache.org] Sent: Sunday, February 21, 2010 4:02 PM To: common-dev@hadoop.apache.org Subject: Re: Hadoop Security On Feb 17, 2010, at 9:57 PM, gs...@tce.edu wrote: > Analyzed that kerberos cab be used for user authentication.when the > user > wants to submit a job he/she can get delegation token followed by > block > access token to access data from HDFS.So the client is overloaded with > initial 2 tickets (kerberos) TGT(Ticket grating Ticket),ST (service > ticket)followed by delegation token and block access token..Is that > right?? When the user logs in to the system, they get a TGT. When they want to submit a job, they'll get two service tickets (one for the Name Node and one for the Job Tracker). They will get a delegation token from the NameNode and include that as part of the job. So in total, submitting a job should only take those 2 interactions with the Kerberos KDC. -- Owen The information contained in this communication may be CONFIDENTIAL and is intended only for the use of the recipient(s) named above. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please notify the sender and delete/destroy the original message and any copy of it from your computer or paper files.
