On Wed, Mar 25, 2009 at 2:49 AM, Doug Cutting <cutt...@apache.org> wrote:
> Amandeep Khurana wrote:
>
>> 1. The Jira covers only authentication using Kerberos. I don't think
>> Kerberos is the best way to do it since I feel the scalability is
>> limited. All keys have to be negotiated by the Kerberos server.
>
> The design in HADOOP-4343 seeks to minimize the number of key negotiations.
> Do you think that's insufficient? If so, please add a comment on that
> issue.

The NN doing key negotiations is fundamentally not feasible. That's the limitation of Kerberos and there's only a certain degree to which it can be optimized. The design I proposed in the paper is a little different from Kerberos, where the clients negotiate the keys. This frees up the NN from the responsibility to do this task.

>> 2. The Jira doesn't cover the access control aspect of things. As a
>> client, I can skip talking to the NN and get blocks from the DN straight
>> away. There is no way to prevent it. This paper takes care of that aspect
>> as well.
>
> The intent is that access to a block on a datanode will require
> authentication. Currently it does not, but as security features are added
> this clearly must change. HADOOP-4343 does not mention how this will be
> done, but I believe it must be implemented in the same timeframe as namenode
> authentication.

Agreed.

> As Raghu said, the security design for Hadoop is far from complete and your
> contributions here are very welcome.

Got that.

> Doug