You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by Owen O'Malley <oo...@yahoo-inc.com> on 2009/12/18 23:17:28 UTC
Security design document
All,
As I've mentioned in my talks at Hadoop World and ApacheCon US, we
are working on putting security into Hadoop. Our goal is to have it
done in February 2010. Clearly, there are a whole set of Jiras that
have been filed for the last year or so that represent the individual
parts, but I wanted to publish the overview design documentation to
give a big picture view. The high-level overview is that the initial
communication will be secured with Kerberos, but within a job the
tasks will get delegation tokens from the NameNode. Of course we'll
leave the non-authenticated mode available. I've also attached the
document to HADOOP-4487.
At Yahoo, we have a lot of sensitive information that we'd like to
put on our grids, and thus we want to get security deployed as
quickly as we reasonably can next year. In trying to stabilize the
upcoming 0.21 release, we've been hitting a lot of snags. Therefore,
we are going to back port the security changes into our yahoo 0.20
branch. It was a decision that we didn't make lightly, since it means
doing the work both in trunk and back porting all of the patches in to
our Yahoo 0.20 branch.
-- Owen