You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Chris Douglas (JIRA)" <ji...@apache.org> on 2008/03/01 02:06:00 UTC
[jira] Updated: (HADOOP-2239) Security: Need to be able to encrypt
Hadoop socket connections
[ https://issues.apache.org/jira/browse/HADOOP-2239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Douglas updated HADOOP-2239:
----------------------------------
Attachment: 2239-1.patch
This patch adds some documentation, per Nicholas's recommendation. It does not include any test cases, as the requirements for configuring ssl are somewhat onerous and- in my limited experience- not amenable to automation in a test case. Lacking certs, it was tested with Firefox and appears correct. The passwords are stored in a config file, which is regrettable, but the resource storing them need only be on the classpath. Getting this information is out-of-band as it is, and an auxiliary config file seemed the most expedient and mostly-correct option available. For Right Now(tm), it should suffice.
> Security: Need to be able to encrypt Hadoop socket connections
> ---------------------------------------------------------------
>
> Key: HADOOP-2239
> URL: https://issues.apache.org/jira/browse/HADOOP-2239
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Allen Wittenauer
> Fix For: 0.17.0
>
> Attachments: 2239-0.patch, 2239-1.patch
>
>
> We need to be able to use hadoop over hostile networks, both internally and externally to the enterpise. While authentication prevents unauthorized access, encryption should be used to prevent such things as packet snooping across the wire. This means that hadoop client connections, distcp, etc, would use something such as SSL to protect the TCP/IP packets. Post-Kerberos, it would be useful to use something similar to NFS's krb5p option.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.