You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Raghu Angadi (JIRA)" <ji...@apache.org> on 2007/09/15 00:32:32 UTC

[jira] Commented: (HADOOP-1701) Provide a simple authentication service and a user management service

    [ https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12527651 ] 

Raghu Angadi commented on HADOOP-1701:
--------------------------------------

Is there any open source project that uses Java security frame work for the security similar to we want to use? The current HDFS use case is to get user info for every RPC call.

> Provide a simple authentication service and a user management service
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-1701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1701
>             Project: Hadoop
>          Issue Type: New Feature
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Tsz Wo (Nicholas), SZE
>         Attachments: 1701_20070827c_framework.patch, design20070828.pdf, guides20070828.pdf, simple20070828.patch
>
>
> In HADOOP-1298, we want to add user information and permission to the file system.  It requires an authentication service and a user management service.  We should provide a framework and a simple implementation in issue and extend it later.  As discussed in HADOOP-1298, the framework should be extensible and pluggable.
> - Extensible: possible to extend the framework to the other parts (e.g. map-reduce) of Hadoop.
> - Pluggable: can easily switch security implementations.  Below is a diagram borrowed from Java.
> !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
> - Implement a Hadoop authentication center (HAC).  In the first step, the mechanism of HAC is very simple, it keeps track a list of usernames (we only support users, will work on other principals later) in HAC and verify username in user login (yeah, no password).  HAC can run inside NameNode or run as a stand alone server.   We will probably use Kerberos to provide more sophisticated authentication service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.