[
https://issues.apache.org/jira/browse/HDFS-8613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14625534#comment-14625534
]
Tsz Wo Nicholas Sze commented on HDFS-8613:
-------------------------------------------
We has service-level authorization in rpc server; see
org.apache.hadoop.ipc.Server and
org.apache.hadoop.security.authorize.ServiceAuthorizationManager. It is
possible to configure which users could use which protocols in which hosts.
> Add option to list up allowed hosts that can do any operation to NameNode.
> --------------------------------------------------------------------------
>
> Key: HDFS-8613
> URL: https://issues.apache.org/jira/browse/HDFS-8613
> Project: Hadoop HDFS
> Issue Type: Improvement
> Affects Versions: 2.7.0
> Reporter: Kai Sasaki
> Assignee: Kai Sasaki
> Priority: Minor
>
> Current NameNode receives all operations through client protocol from any
> hosts.
> However, some critical operations such as {{format}} should be restricted
> with not only Kerberos authentication but also with host names in order to
> prevent us from formatting NameNode by mistake. It is better to add option to
> write some allowed hosts which can do any operations to NameNode.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
