On Thu, Jul 23, 2009 at 09:20, Ted Dunning<[email protected]> wrote: > Last I heard, the API could be suborned in this scenario. Real credential > based identity would be needed to provide more than this. > > The hack would involve a changed hadoop library that lies about identity. > This would not be difficult to do.
Indeed if you change the library everything gets possible. I've implemented for ZooKeeper an SSH based authentication, if Hadoop ever gets pluggable authentication modules I guess this could be ported. Mathias.
