>From common-dev@
----- Forwarded Message ---- > From: Andrew Purtell <apurt...@apache.org> > To: common-...@hadoop.apache.org > Sent: Tue, February 23, 2010 11:34:16 PM > Subject: Re: Hadoop Security > > See HBASE-1697 and go from there: > https://issues.apache.org/jira/browse/HBASE-1697 > We will try to track as closely to Hadoop ASF common as we can, same AAA top > to > bottom, HBase->RPC->HDFS. > > - Andy > > > > ----- Original Message ---- > > From: "Segel, Mike" > > To: "common-...@hadoop.apache.org" > > Sent: Mon, February 22, 2010 7:18:47 AM > > Subject: RE: Hadoop Security > > > > Hi, > > > > Sorry for jumping in to this late, but has anyone thought about how this > > could > > > be extended in to HBase? > > I realize this is Hadoop security, but eventually HBase and other apps that > sit > > on top of hadoop will have to deal with security issues too. > > > > I'm not suggesting that a solution be worked out now, but that the solution > for > > Hadoop can be extended to cover the apps that sit on top of Hadoop. > > > > Thx > > > > -Mike > > > > -----Original Message----- > > From: Owen O'Malley [mailto:omal...@apache.org] > > Sent: Sunday, February 21, 2010 4:02 PM > > To: common-...@hadoop.apache.org > > Subject: Re: Hadoop Security > > > > > > On Feb 17, 2010, at 9:57 PM, gs...@tce.edu wrote: > > > > > Analyzed that kerberos cab be used for user authentication.when the > > > user > > > wants to submit a job he/she can get delegation token followed by > > > block > > > access token to access data from HDFS.So the client is overloaded with > > > initial 2 tickets (kerberos) TGT(Ticket grating Ticket),ST (service > > > ticket)followed by delegation token and block access token..Is that > > > right?? > > > > When the user logs in to the system, they get a TGT. When they want to > > submit a job, they'll get two service tickets (one for the Name Node > > and one for the Job Tracker). They will get a delegation token from > > the NameNode and include that as part of the job. So in total, > > submitting a job should only take those 2 interactions with the > > Kerberos KDC. > > > > -- Owen > > > > > > The information contained in this communication may be CONFIDENTIAL and is > > intended only for the use of the recipient(s) named above. If you are not > > the > > > intended recipient, you are hereby notified that any dissemination, > > distribution, or copying of this communication, or any of its contents, is > > strictly prohibited. If you have received this communication in error, > > please > > > notify the sender and delete/destroy the original message and any copy of > > it > > from your computer or paper files.
