You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hadoop.apache.org by ravi teja <ra...@gmail.com> on 2016/07/13 12:46:23 UTC
Authentication and security with hadoop
Hi Community,
We wanted to have authentication on hadoop, means want to make sure the
user is what he claims to be and doesn't proxy another users using env
variables.
From many links , I see that the default choice is kerberos with hadoop.
And as far i understand ,I see that ranger is more like a central place to
manage the acls on directories and it doesn't involve in authentication.
And the information online is pretty old, could get any latest information
on the security auth.
I wanted to know if there is other way than kerberos for providing this
authentication layer?
Because kerberos had many operation problems while using with HDFS and now
we no longer use it.
Thanks in advance,
Ravi
Re: Authentication and security with hadoop
Posted by ravi teja <ra...@gmail.com>.
Thanks for the clarification Arpit.
Will check the docs.
Ravi
On Thu, Jul 14, 2016 at 1:44 AM, Arpit Agarwal <aa...@hortonworks.com>
wrote:
> Hi Ravi,
>
>
>
> Kerberos is the only supported mechanism for strong identity. Most Hadoop
> access controls are easily bypassed without Kerberos authentication.
>
>
>
> Kerberos setup can be difficult. Most Kerberos complications arise with
> multi-homed hosts or if DNS/reverse DNS is broken. If you run into specific
> Kerberos operation issues you can ask for answers on this DL.
>
>
>
> Apache Hadoop 2.7.3 will have improved documentation on Kerberos setup.
> Meanwhile you can find the updated docs here:
>
>
> https://github.com/apache/hadoop/blob/branch-2.7.3/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md#Multihoming
>
>
>
>
>
> *From: *ravi teja <ra...@gmail.com>
> *Date: *Wednesday, July 13, 2016 at 5:46 AM
> *To: *"user@hadoop.apache.org" <us...@hadoop.apache.org>
> *Subject: *Authentication and security with hadoop
>
>
>
> Hi Community,
>
>
>
> We wanted to have authentication on hadoop, means want to make sure the
> user is what he claims to be and doesn't proxy another users using env
> variables.
>
>
>
> From many links , I see that the default choice is kerberos with hadoop.
>
> And as far i understand ,I see that ranger is more like a central place to
> manage the acls on directories and it doesn't involve in authentication.
>
>
>
> And the information online is pretty old, could get any latest information
> on the security auth.
>
>
>
> I wanted to know if there is other way than kerberos for providing this
> authentication layer?
>
> Because kerberos had many operation problems while using with HDFS and now
> we no longer use it.
>
>
>
> Thanks in advance,
>
> Ravi
>
Re: Authentication and security with hadoop
Posted by Arpit Agarwal <aa...@hortonworks.com>.
Hi Ravi,
Kerberos is the only supported mechanism for strong identity. Most Hadoop access controls are easily bypassed without Kerberos authentication.
Kerberos setup can be difficult. Most Kerberos complications arise with multi-homed hosts or if DNS/reverse DNS is broken. If you run into specific Kerberos operation issues you can ask for answers on this DL.
Apache Hadoop 2.7.3 will have improved documentation on Kerberos setup. Meanwhile you can find the updated docs here:
https://github.com/apache/hadoop/blob/branch-2.7.3/hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md#Multihoming
From: ravi teja <ra...@gmail.com>
Date: Wednesday, July 13, 2016 at 5:46 AM
To: "user@hadoop.apache.org" <us...@hadoop.apache.org>
Subject: Authentication and security with hadoop
Hi Community,
We wanted to have authentication on hadoop, means want to make sure the user is what he claims to be and doesn't proxy another users using env variables.
From many links , I see that the default choice is kerberos with hadoop.
And as far i understand ,I see that ranger is more like a central place to manage the acls on directories and it doesn't involve in authentication.
And the information online is pretty old, could get any latest information on the security auth.
I wanted to know if there is other way than kerberos for providing this authentication layer?
Because kerberos had many operation problems while using with HDFS and now we no longer use it.
Thanks in advance,
Ravi