Yes, the second option is not Hadoop-aware but in general for web services. I really don't think that particular thing has been open sourced. I may try to explain that stuff offline.

For Hadoop-related security, either you rely on network security or Kerberos. You may also try securing Hadoop with Active Directory: https://ccp.cloudera.com/display/CDHDOC/Integrating+Hadoop+Security+with+Active+Directory

For web-services-related security you can reach me; we can discuss that if you need it.

On Tue, Jan 22, 2013 at 11:07 PM, Fabio Pitzolu <[email protected]> wrote:

> Hi Nitin, thank you for the answer.
>
> Your second option will be the most feasible, and I think that this is not
> Hadoop-aware, but it's a general Tomcat configuration, am I right?
>
> Could you please link me some doc about this configuration?
>
> Thanks a lot!
>
> *Fabio Pitzolu*
>
> *From:* Nitin Pawar [mailto:[email protected]]
> *Sent:* Tuesday, 22 January 2013 17:56
> *To:* [email protected]
> *Subject:* Re: Using certificates to secure Hadoop
>
> On the network level, an easy way would be to host your entire infrastructure
> in a private network with just one internet-facing gateway via which your
> client can access your webservice. And in case you need to access the internet
> for Hadoop/Oozie, then you can set up a NAT.
>
> This will be like building your private cloud infra with different
> internet gateways.
>
> The other way would be to build your own certificate-based authentication
> library.
> (We used to have this @ Yahoo, where we used to restrict access to
> server having certificate only.)
>
> On Tue, Jan 22, 2013 at 8:50 PM, Fabio Pitzolu <[email protected]>
> wrote:
>
> Hi all,
>
> I've been asked to check whether it is possible to use certificates to secure
> the connection between Hadoop and Oozie and the "external world" or not.
>
> The case is this:
>
> We have to develop a webservice to run Oozie workflows and access HDFS, so
> that there will be just one "interface" between the cluster and a user web
> application.
>
> The current security scenario does not allow using Kerberos to authenticate
> the users, so we were thinking about using certificates, distributed
> through the Tomcat stack (as shown on the following diagram).
>
> The idea is that only a client (in this case the client would be the Java
> WebService – the blue box) with the right certificate could "talk" to the
> Hadoop / Oozie machines.
>
> Is it possible to achieve this scenario?
>
> If so, is there a whitepaper on the Internet that shows how to do this?
>
> If not possible, what do you think would be the best security solution not
> using Kerberos (example, firewall sec., IP security, …)?
>
> Thank you very much, have a nice day!
>
> Fabio Pitzolu
>
> --
> Nitin Pawar

--
Nitin Pawar
<<image001.png>>
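
The thread asks whether "only a client with the right certificate" can be enforced as a general Tomcat configuration. The fragment below is an added example, not part of the original messages and not the custom library mentioned above: it shows stock Tomcat TLS client-certificate verification using Tomcat 8.5+ connector syntax. The port, file paths and passwords are placeholders chosen for illustration.

```xml
<!-- conf/server.xml on the Tomcat instance that must accept only the web service. -->

<!-- Weak: the channel is encrypted, but any client that can reach the port may connect.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig certificateVerification="none">
    <Certificate certificateKeystoreFile="conf/server-keystore.p12"
                 certificateKeystorePassword="CHANGE_ME"
                 certificateKeystoreType="PKCS12" />
  </SSLHostConfig>
</Connector>
-->

<!-- Hardened: the TLS handshake fails unless the client presents a certificate
     that chains to a CA in the truststore. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <!-- The truststore should hold ONLY the private CA that issues the web
       service's client certificate. If it holds public CAs, any certificate
       they issued to anyone would be accepted. -->
  <SSLHostConfig certificateVerification="required"
                 truststoreFile="conf/client-ca-truststore.p12"
                 truststorePassword="CHANGE_ME"
                 truststoreType="PKCS12">
    <!-- Server's own key pair, presented to the connecting client. -->
    <Certificate certificateKeystoreFile="conf/server-keystore.p12"
                 certificateKeystorePassword="CHANGE_ME"
                 certificateKeystoreType="PKCS12" />
  </SSLHostConfig>
</Connector>
```

This verifies only that the client certificate chains to the trusted CA; restricting access to one specific certificate subject needs an additional check in the application or a CA dedicated to that client. Tomcat 7, current when this thread was written, expressed the same requirement with the connector attribute `clientAuth="true"` plus `truststoreFile`.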
