MRv2 WebApp Security
--------------------
Key: MAPREDUCE-2858
URL: https://issues.apache.org/jira/browse/MAPREDUCE-2858
Project: Hadoop Map/Reduce
Issue Type: Improvement
Components: mrv2
Affects Versions: 0.23.0
Reporter: Luke Lu
Assignee: Luke Lu
Fix For: 0.23.0
In MRv2, while the system servers (ResourceManager (RM), NodeManager (NM) and
NameNode (NN)) run as "trusted"
system users, the application masters (AM) run as users who submit the
application. While this offers great flexibility
to run multiple version of mapreduce frameworks (including their UI) on the
same Hadoop cluster, it has significant
implication for the security of webapps (Please do not discuss company specific
vulnerabilities here).
Requirements:
0. Secure authentication for AM (for app/job level ACLs).
1. Webapp security should be optional via site configuration.
2. Support existing pluggable single sign on mechanisms.
3. Should not require per app/user configuration for deployment.
4. Should not require special site-wide DNS configuration for deployment.
This the top jira for webapp security. A design doc/notes of threat-modeling
and counter measures will be posted on the wiki.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
