Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/11/03 15:16:27 UTC

[jira] [Created] (AMBARI-13695) Minimize HDFS and other headless keytab distribution (security concerns)

Robert Levas created AMBARI-13695:
-------------------------------------

             Summary: Minimize HDFS and other headless keytab distribution (security concerns)
                 Key: AMBARI-13695
                 URL: https://issues.apache.org/jira/browse/AMBARI-13695
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
            Priority: Critical
             Fix For: 2.1.3


Currently, we distribute the *hdfs* headless principal to pretty much every single host in the cluster.  
Since *hdfs* is a super user in HDFS, if any one of the hdfs keytabs is compromised on any host, the user can do anything on HDFS.
We need to revisit and see if we can restrict the number of hosts to which we distribute the hdfs headless keytab.
For example, we can perform necessary HDFS operations on one of the master hosts available, rather than picking an arbitrary client / slave host as we do today.
Also, we should look into not only hdfs headless keytabs but all other headless ones like hbase, storm, etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
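
An added example, not part of the original JIRA message and not Ambari code: a small audit that measures the exposure described above by parsing per-host `klist -kt` output and listing which hosts outside an allowed set of masters hold a headless principal. It assumes the MIT Kerberos `klist -kt` layout; the host names, realm, keytab path and the `headless_principals`/`audit` helpers are hypothetical.

```python
import re

# One entry line of `klist -kt` (MIT layout assumed): KVNO, date, time, principal.
ENTRY = re.compile(r"^\s*\d+\s+\S+\s+\S+\s+(\S+@\S+)\s*$")

def headless_principals(klist_output):
    """Principals with no /instance component, i.e. not bound to one host."""
    found = set()  # a set, because a keytab lists one line per key version
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if m and "/" not in m.group(1).split("@", 1)[0]:
            found.add(m.group(1))
    return found

def audit(inventory, allowed_hosts):
    """Map each headless principal to the hosts holding it outside allowed_hosts."""
    exposure = {}
    for host, output in inventory.items():
        if host not in allowed_hosts:
            for principal in headless_principals(output):
                exposure.setdefault(principal, []).append(host)
    return {p: sorted(hosts) for p, hosts in exposure.items()}

# Constructed sample: host names, realm, path and timestamps are made up.
HDR = ("Keytab name: FILE:/path/to/sample.keytab\n"
       "KVNO Timestamp           Principal\n"
       "---- ------------------- ------------------------------\n")
INVENTORY = {
    "master1.example.com": HDR
        + "   1 11/03/2015 15:16:27 hdfs@EXAMPLE.COM\n"
        + "   1 11/03/2015 15:16:27 nn/master1.example.com@EXAMPLE.COM\n",
    "worker1.example.com": HDR
        + "   1 11/03/2015 15:16:27 hdfs@EXAMPLE.COM\n"
        + "   2 11/03/2015 15:20:01 hdfs@EXAMPLE.COM\n"
        + "   1 11/03/2015 15:16:27 dn/worker1.example.com@EXAMPLE.COM\n",
    "worker2.example.com": HDR
        + "   1 11/03/2015 15:16:27 hdfs@EXAMPLE.COM\n"
        + "   1 11/03/2015 15:16:27 hbase@EXAMPLE.COM\n",
}

if __name__ == "__main__":
    for principal, hosts in sorted(audit(INVENTORY, {"master1.example.com"}).items()):
        print(f"{principal}: on {len(hosts)} host(s) outside the allowed set: {hosts}")
```

Service principals such as `nn/master1.example.com@EXAMPLE.COM` are skipped because they carry a host instance; only the user-style principals are reported.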