Amandeep Khurana wrote:
1. The Jira covers only authentication using Kerberos. I dont think Kerberos is the best way to do it since I feel the scalability is limited. All keys have to be negotiated by the Kerberos server.
The design in HADOOP-4343 seeks to minimize the number of key negotiations. Do you think that's insufficient? If so, please add a comment on that issue.
2. The Jira doesnt have cover the access control aspect of things. As a client, I can skip talking to the NN and get blocks from the DN straight away. There is no way to prevent it. This paper takes care of that aspect as well.
The intent is that access to a block on a datanode will require authentication. Currently it does not, but as security features are added this clearly must change. HADOOP-4343 does not mention how this will be done, but I believe it must be implemented in the same timeframe as namenode authentication.
As Raghu said, the security design for Hadoop is far from complete and your contributions here are very welcome.
Doug
