[ 
https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tsz Wo (Nicholas), SZE updated HADOOP-1701:
-------------------------------------------

        Fix Version/s: 0.16.0
          Description: 
Only provide a security framework as described below.  A simple implementation 
will be provided in HADOOP-2229.

h4._Previous Description_
In HADOOP-1298, we want to add user information and permission to the file 
system.  It requires an authentication service and a user management service.  
We should provide a framework and a simple implementation in this issue and extend 
it later.  As discussed in HADOOP-1298, the framework should be extensible and 
pluggable.

- Extensible: possible to extend the framework to the other parts (e.g. 
map-reduce) of Hadoop.

- Pluggable: can easily switch security implementations.  Below is a diagram 
borrowed from Java.

!http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!

- Implement a Hadoop authentication center (HAC).  In the first step, the 
mechanism of HAC is very simple: it keeps track of a list of usernames (we only 
support users, will work on other principals later) in HAC and verifies the 
username at user login (yeah, no password).  HAC can run inside NameNode or run 
as a standalone server.   We will probably use Kerberos to provide a more 
sophisticated authentication service.

  was:
In HADOOP-1298, we want to add user information and permission to the file 
system.  It requires an authentication service and a user management service.  
We should provide a framework and a simple implementation in this issue and extend 
it later.  As discussed in HADOOP-1298, the framework should be extensible and 
pluggable.

- Extensible: possible to extend the framework to the other parts (e.g. 
map-reduce) of Hadoop.

- Pluggable: can easily switch security implementations.  Below is a diagram 
borrowed from Java.

!http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!

- Implement a Hadoop authentication center (HAC).  In the first step, the 
mechanism of HAC is very simple: it keeps track of a list of usernames (we only 
support users, will work on other principals later) in HAC and verifies the 
username at user login (yeah, no password).  HAC can run inside NameNode or run 
as a standalone server.   We will probably use Kerberos to provide a more 
sophisticated authentication service.

    Affects Version/s: 0.15.0
              Summary: Provide a security framework design  (was: Provide a 
simple authentication service and a user management service)

> Provide a security framework design
> -----------------------------------
>
>                 Key: HADOOP-1701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1701
>             Project: Hadoop
>          Issue Type: New Feature
>    Affects Versions: 0.15.0
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Tsz Wo (Nicholas), SZE
>             Fix For: 0.16.0
>
>         Attachments: 1701_20071109.patch
>
>
> Only provide a security framework as described below.  A simple 
> implementation will be provided in HADOOP-2229.
> h4._Previous Description_
> In HADOOP-1298, we want to add user information and permission to the file 
> system.  It requires an authentication service and a user management service. 
>  We should provide a framework and a simple implementation in this issue and 
> extend it later.  As discussed in HADOOP-1298, the framework should be 
> extensible and pluggable.
> - Extensible: possible to extend the framework to the other parts (e.g. 
> map-reduce) of Hadoop.
> - Pluggable: can easily switch security implementations.  Below is a diagram 
> borrowed from Java.
> !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
> - Implement a Hadoop authentication center (HAC).  In the first step, the 
> mechanism of HAC is very simple: it keeps track of a list of usernames (we only 
> support users, will work on other principals later) in HAC and verifies the 
> username at user login (yeah, no password).  HAC can run inside NameNode or 
> run as a standalone server.   We will probably use Kerberos to provide a more 
> sophisticated authentication service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
