You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-user@hadoop.apache.org by John Lilley <jo...@redpoint.net> on 2014/04/20 23:39:59 UTC
HDFS and YARN security and interface impacts
We have an application that interfaces directly to HDFS and YARN (no MapReduce). It does not currently support any Hadoop security other than the insecure "trust the client" defaults. I've been doing some reading about Hadoop security, but it mostly assumes that applications will be MapReduce. For a "native" YARN/HDFS application, what changes if any must be made to the API calls to support Kerberos or other authentication? Does it just happen automatically at the OS level using the authenticated user ID of the process? If there's a good reference I'd appreciate it.
john
HDFS and YARN security and interface impacts
Posted by John Lilley <jo...@redpoint.net>.
Hi, can anyone help me with this?
From: John Lilley [mailto:john.lilley@redpoint.net]
Sent: Sunday, April 20, 2014 3:40 PM
To: user@hadoop.apache.org
Subject: HDFS and YARN security and interface impacts
We have an application that interfaces directly to HDFS and YARN (no MapReduce). It does not currently support any Hadoop security other than the insecure "trust the client" defaults. I've been doing some reading about Hadoop security, but it mostly assumes that applications will be MapReduce. For a "native" YARN/HDFS application, what changes if any must be made to the API calls to support Kerberos or other authentication? Does it just happen automatically at the OS level using the authenticated user ID of the process? If there's a good reference I'd appreciate it.
john
HDFS and YARN security and interface impacts
Posted by John Lilley <jo...@redpoint.net>.
Hi, can anyone help me with this?
From: John Lilley [mailto:john.lilley@redpoint.net]
Sent: Sunday, April 20, 2014 3:40 PM
To: user@hadoop.apache.org
Subject: HDFS and YARN security and interface impacts
We have an application that interfaces directly to HDFS and YARN (no MapReduce). It does not currently support any Hadoop security other than the insecure "trust the client" defaults. I've been doing some reading about Hadoop security, but it mostly assumes that applications will be MapReduce. For a "native" YARN/HDFS application, what changes if any must be made to the API calls to support Kerberos or other authentication? Does it just happen automatically at the OS level using the authenticated user ID of the process? If there's a good reference I'd appreciate it.
john
HDFS and YARN security and interface impacts
Posted by John Lilley <jo...@redpoint.net>.
Hi, can anyone help me with this?
From: John Lilley [mailto:john.lilley@redpoint.net]
Sent: Sunday, April 20, 2014 3:40 PM
To: user@hadoop.apache.org
Subject: HDFS and YARN security and interface impacts
We have an application that interfaces directly to HDFS and YARN (no MapReduce). It does not currently support any Hadoop security other than the insecure "trust the client" defaults. I've been doing some reading about Hadoop security, but it mostly assumes that applications will be MapReduce. For a "native" YARN/HDFS application, what changes if any must be made to the API calls to support Kerberos or other authentication? Does it just happen automatically at the OS level using the authenticated user ID of the process? If there's a good reference I'd appreciate it.
john
HDFS and YARN security and interface impacts
Posted by John Lilley <jo...@redpoint.net>.
Hi, can anyone help me with this?
From: John Lilley [mailto:john.lilley@redpoint.net]
Sent: Sunday, April 20, 2014 3:40 PM
To: user@hadoop.apache.org
Subject: HDFS and YARN security and interface impacts
We have an application that interfaces directly to HDFS and YARN (no MapReduce). It does not currently support any Hadoop security other than the insecure "trust the client" defaults. I've been doing some reading about Hadoop security, but it mostly assumes that applications will be MapReduce. For a "native" YARN/HDFS application, what changes if any must be made to the API calls to support Kerberos or other authentication? Does it just happen automatically at the OS level using the authenticated user ID of the process? If there's a good reference I'd appreciate it.
john