Posted to mapreduce-user@hadoop.apache.org by Koert Kuipers <ko...@tresata.com> on 2014/01/22 01:45:06 UTC

kerberos for outside threads

i understand kerberos is used on hadoop to provide security in a multi-user
environment, and i can totally see its usage for a shared cluster within a
company to make sure sensitive data for one department is safe from prying
eyes of another department.

but for a hadoop cluster that sits "behind" a bunch of web servers to do
say log analysis, and that already is protected by standard measures (no
route to cluster from outside, so a web server would have to get
compromised to gain access), is there any value in securing it with
kerberos? does anyone do that?

Re: kerberos for outside threads

Posted by Vinod Kumar Vavilapalli <vi...@hortonworks.com>.
That is a very appropriate setup. As long as those assumptions remain valid, of course. This was the only way early hadoop clusters were secured - by restricting access to the cluster using firewall and gateways.

+Vinod

On Jan 21, 2014, at 4:45 PM, Koert Kuipers <ko...@tresata.com> wrote:

> but for a hadoop cluster that sits "behind" a bunch of web servers to do say log analysis, and that already is protected by standard measures (no route to cluster from outside, so a web server would have to get compromised to gain access), is there any value in securing it with kerberos? does anyone do that?


-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: kerberos for outside threads

Posted by Koert Kuipers <ko...@tresata.com>.
Hey Haohui,
Thanks for responding. I understand that I can disable security. I am
wondering if I should in this situation. Or to turn the question around: is
there a significant benefit to turning security on here?
On Jan 21, 2014 8:26 PM, "Haohui Mai" <hm...@hortonworks.com> wrote:

> Hi Koert,
>
> I'm wondering what is the end-to-end goal you want to achieve.
>
> You can disable security in Hadoop, where the cluster does not perform
> additional authentication. Obviously you can go without kerberos in this
> case and protect your clusters with other measures you've mentioned.
>
> Alternatively, you can enable security without kerberos by plugging in
> your own authentication filter.
>
> ~Haohui
>
>
>
>
> On Tue, Jan 21, 2014 at 4:45 PM, Koert Kuipers <ko...@tresata.com> wrote:
>
>> i understand kerberos is used on hadoop to provide security in a
>> multi-user environment, and i can totally see its usage for a shared
>> cluster within a company to make sure sensitive data for one department is
>> safe from prying eyes of another department.
>>
>> but for a hadoop cluster that sits "behind" a bunch of web servers to do
>> say log analysis, and that already is protected by standard measures (no
>> route to cluster from outside, so a web server would have to get
>> compromised to gain access), is there any value in securing it with
>> kerberos? does anyone do that?
>>

Re: kerberos for outside threads

Posted by Haohui Mai <hm...@hortonworks.com>.
Hi Koert,

I'm wondering what is the end-to-end goal you want to achieve.

You can disable security in Hadoop, where the cluster does not perform
additional authentication. Obviously you can go without kerberos in this
case and protect your clusters with other measures you've mentioned.

Alternatively, you can enable security without kerberos by plugging in your
own authentication filter.

~Haohui




On Tue, Jan 21, 2014 at 4:45 PM, Koert Kuipers <ko...@tresata.com> wrote:

> i understand kerberos is used on hadoop to provide security in a
> multi-user environment, and i can totally see its usage for a shared
> cluster within a company to make sure sensitive data for one department is
> safe from prying eyes of another department.
>
> but for a hadoop cluster that sits "behind" a bunch of web servers to do
> say log analysis, and that already is protected by standard measures (no
> route to cluster from outside, so a web server would have to get
> compromised to gain access), is there any value in securing it with
> kerberos? does anyone do that?
>
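
The three postures discussed in this thread (perimeter only, a plugged-in authentication filter, Kerberos) can be told apart from a cluster's core-site.xml. The audit script below is an added example, not code from the thread or from the Hadoop project; it assumes the standard Hadoop property names and defaults listed in the code and takes "authentication filter" to mean the HTTP authentication properties. The sample configurations are constructed and the handler class com.example.auth.TokenHandler is hypothetical.

```python
import xml.etree.ElementTree as ET

AUTH_FILTER = "org.apache.hadoop.security.AuthenticationFilterInitializer"
# Values Hadoop falls back to when core-site.xml leaves a property unset.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.security.authorization": "false",
    "hadoop.http.filter.initializers": "org.apache.hadoop.http.lib.StaticUserWebFilter",
    "hadoop.http.authentication.type": "simple",
    "hadoop.http.authentication.simple.anonymous.allowed": "true",
}

# Constructed sample inputs; com.example.auth.TokenHandler is hypothetical.
PERIMETER_ONLY = "<configuration></configuration>"
CUSTOM_FILTER = """<configuration>
 <property><name>hadoop.http.filter.initializers</name><value>%s</value></property>
 <property><name>hadoop.http.authentication.type</name>
  <value>com.example.auth.TokenHandler</value></property>
</configuration>""" % AUTH_FILTER
KERBEROS = """<configuration>
 <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
 <property><name>hadoop.security.authorization</name><value>true</value></property>
 <property><name>hadoop.http.filter.initializers</name><value>%s</value></property>
 <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
</configuration>""" % AUTH_FILTER


def load_properties(xml_text):
    """Parse core-site.xml text into a dict layered over the defaults."""
    props = dict(DEFAULTS)
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit(xml_text):
    """Return (posture, findings): what, if anything, authenticates callers."""
    p = load_properties(xml_text)
    findings = []
    rpc = p["hadoop.security.authentication"].lower()
    if rpc != "kerberos":
        findings.append("rpc: caller identity is not verified by the cluster")
    if p["hadoop.security.authorization"].lower() != "true":
        findings.append("rpc: service-level authorization is disabled")
    http = p["hadoop.http.authentication.type"]
    filters = [f.strip() for f in p["hadoop.http.filter.initializers"].split(",")]
    anonymous = p["hadoop.http.authentication.simple.anonymous.allowed"].lower()
    if AUTH_FILTER not in filters:
        findings.append("http: no authentication filter on the web consoles")
    elif http.lower() == "simple" and anonymous == "true":
        findings.append("http: anonymous requests are accepted")
    elif http.lower() not in ("simple", "kerberos"):
        findings.append("http: custom handler %s needs its own review" % http)
    if rpc == "kerberos":
        return "kerberos", findings
    if AUTH_FILTER in filters and http.lower() not in ("simple", "kerberos"):
        return "custom-http-filter", findings
    return "perimeter-only", findings


if __name__ == "__main__":
    for label, cfg in [("open", PERIMETER_ONLY), ("custom", CUSTOM_FILTER), ("krb", KERBEROS)]:
        print(label, audit(cfg))
```

A "perimeter-only" result means the firewall and gateways are the only control, so the findings list is what a compromised web server would inherit.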
