You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@kudu.apache.org by Pablo Vazquez <pa...@globant.com> on 2017/02/21 15:45:36 UTC
Kudu security
Hi Kudu Team,
As Kudu does not support any security at this moment, this is a barrier for
Kudu production deployment for some of the projects.
Just a request to know, when can we expect security in Kudu. It would be
really helpful if we can have some security feature in next release.
--
*Pablo Quetzalcóatl Vázquez*| Software Designer
*GLOBANT*
[image: Facebook]
<http://s.wisestamp.com/links?url=https%3A%2F%2Fwww.facebook.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Twitter]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.twitter.com%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Youtube]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.youtube.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Linkedin]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Pinterest]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fpinterest.com%2Fglobant%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Globant]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.globant.com%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
--
The information contained in this e-mail may be confidential. It has been
sent for the sole use of the intended recipient(s). If the reader of this
message is not an intended recipient, you are hereby notified that any
unauthorized review, use, disclosure, dissemination, distribution or
copying of this communication, or any of its contents,
is strictly prohibited. If you have received it by mistake please let us
know by e-mail immediately and delete it from your system. Many thanks.
La información contenida en este mensaje puede ser confidencial. Ha sido
enviada para el uso exclusivo del destinatario(s) previsto. Si el lector de
este mensaje no fuera el destinatario previsto, por el presente queda Ud.
notificado que cualquier lectura, uso, publicación, diseminación,
distribución o copiado de esta comunicación o su contenido está
estrictamente prohibido. En caso de que Ud. hubiera recibido este mensaje
por error le agradeceremos notificarnos por e-mail inmediatamente y
eliminarlo de su sistema. Muchas gracias.
Re: Kudu security
Posted by Todd Lipcon <to...@cloudera.com>.
On Tue, Feb 21, 2017 at 9:31 AM, Pablo Vazquez <pa...@globant.com>
wrote:
> Hi Adar.
>
> Thanks a lot, that is really great news and important thing for us. At
> present having any security feature is crucial. Having an LDAP
> authentication will also work for our project.
>
Hi Pablo,
LDAP authentication isn't currently being worked on. We're following the
Hadoop ecosystem model where single-sign-on via Kerberos is typically the
norm, rather than adding explicit APIs to log in to Kudu via
username/password, as you might see with LDAP.
Given that many enterprises use Active Directory for LDAP, and AD also
provides Kerberos, would Kerberos login be sufficient for your use case?
>
>
> Do you have any expected date for that release?
>
>
As an open source project we don't pre-publish any kind of committed
release timelines. That said, there are a bunch of security-related patches
in review right now, and I'm hoping we can branch for the release in the
next couple of days once the current batch of them is committed. Releases
tend to follow in the next few weeks following the branch creation, though
of course it depends on how many bugs are found after the branch, etc.
As an aside, please keep in mind that the only official Apache Kudu
releases are source releases, and vendor binary releases typically lag the
open source project releases by some amount of time (depending on their own
release schedules, test processes, integration, etc).
-Todd
>
> On Tue, Feb 21, 2017 at 10:20 AM, Adar Dembo <ad...@cloudera.com> wrote:
>
>> Hi Pablo,
>>
>> Security features are being actively developed right now, and should
>> probably make it into the next upstream Kudu release (i.e. 1.3). These
>> include Kerberos support for authentication as well as TLS for encryption.
>> If you need more detail I'm sure other folks here can provide it.
>>
>> Just out of curiosity, what kind of security features do you need? It'd
>> be good to make sure that what's under development satisfies your needs.
>>
>>
>> On Tue, Feb 21, 2017 at 7:45 AM, Pablo Vazquez <pablo.vazquez@globant.com
>> > wrote:
>>
>>>
>>> Hi Kudu Team,
>>>
>>> As Kudu does not support any security at this moment, this is a barrier
>>> for Kudu production deployment for some of the projects.
>>>
>>> Just a request to know, when can we expect security in Kudu. It would
>>> be really helpful if we can have some security feature in next release.
>>>
>>> --
>>> *Pablo Quetzalcóatl Vázquez*| Software Designer
>>> *GLOBANT*
>>>
>>> [image: Facebook]
>>> <http://s.wisestamp.com/links?url=https%3A%2F%2Fwww.facebook.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>>> Twitter]
>>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.twitter.com%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>>> Youtube]
>>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.youtube.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>>> Linkedin]
>>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>>> Pinterest]
>>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fpinterest.com%2Fglobant%2F&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>>> Globant]
>>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.globant.com%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
>>>
>>> The information contained in this e-mail may be confidential. It has
>>> been sent for the sole use of the intended recipient(s). If the reader of
>>> this message is not an intended recipient, you are hereby notified that any
>>> unauthorized review, use, disclosure, dissemination, distribution or
>>> copying of this communication, or any of its contents,
>>> is strictly prohibited. If you have received it by mistake please let
>>> us know by e-mail immediately and delete it from your system. Many
>>> thanks.
>>>
>>>
>>>
>>> La información contenida en este mensaje puede ser confidencial. Ha sido
>>> enviada para el uso exclusivo del destinatario(s) previsto. Si el lector de
>>> este mensaje no fuera el destinatario previsto, por el presente queda Ud.
>>> notificado que cualquier lectura, uso, publicación, diseminación,
>>> distribución o copiado de esta comunicación o su contenido está
>>> estrictamente prohibido. En caso de que Ud. hubiera recibido este mensaje
>>> por error le agradeceremos notificarnos por e-mail inmediatamente y
>>> eliminarlo de su sistema. Muchas gracias.
>>>
>>>
>>
>
>
> --
> *Pablo Quetzalcóatl Vázquez*| Software Designer
> *GLOBANT*
>
> [image: Facebook]
> <http://s.wisestamp.com/links?url=https%3A%2F%2Fwww.facebook.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Twitter]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.twitter.com%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Youtube]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.youtube.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Linkedin]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Pinterest]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fpinterest.com%2Fglobant%2F&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Globant]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.globant.com%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
>
> The information contained in this e-mail may be confidential. It has been
> sent for the sole use of the intended recipient(s). If the reader of this
> message is not an intended recipient, you are hereby notified that any
> unauthorized review, use, disclosure, dissemination, distribution or
> copying of this communication, or any of its contents,
> is strictly prohibited. If you have received it by mistake please let us
> know by e-mail immediately and delete it from your system. Many thanks.
>
>
>
> La información contenida en este mensaje puede ser confidencial. Ha sido
> enviada para el uso exclusivo del destinatario(s) previsto. Si el lector de
> este mensaje no fuera el destinatario previsto, por el presente queda Ud.
> notificado que cualquier lectura, uso, publicación, diseminación,
> distribución o copiado de esta comunicación o su contenido está
> estrictamente prohibido. En caso de que Ud. hubiera recibido este mensaje
> por error le agradeceremos notificarnos por e-mail inmediatamente y
> eliminarlo de su sistema. Muchas gracias.
>
>
--
Todd Lipcon
Software Engineer, Cloudera
Re: Kudu security
Posted by Pablo Vazquez <pa...@globant.com>.
Hi Adar.
Thanks a lot, that is really great news and important thing for us. At
present having any security feature is crucial. Having an LDAP
authentication will also work for our project.
Do you have any expected date for that release?
On Tue, Feb 21, 2017 at 10:20 AM, Adar Dembo <ad...@cloudera.com> wrote:
> Hi Pablo,
>
> Security features are being actively developed right now, and should
> probably make it into the next upstream Kudu release (i.e. 1.3). These
> include Kerberos support for authentication as well as TLS for encryption.
> If you need more detail I'm sure other folks here can provide it.
>
> Just out of curiosity, what kind of security features do you need? It'd be
> good to make sure that what's under development satisfies your needs.
>
>
> On Tue, Feb 21, 2017 at 7:45 AM, Pablo Vazquez <pa...@globant.com>
> wrote:
>
>>
>> Hi Kudu Team,
>>
>> As Kudu does not support any security at this moment, this is a barrier
>> for Kudu production deployment for some of the projects.
>>
>> Just a request to know, when can we expect security in Kudu. It would be
>> really helpful if we can have some security feature in next release.
>>
>> --
>> *Pablo Quetzalcóatl Vázquez*| Software Designer
>> *GLOBANT*
>>
>> [image: Facebook]
>> <http://s.wisestamp.com/links?url=https%3A%2F%2Fwww.facebook.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>> Twitter]
>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.twitter.com%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>> Youtube]
>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.youtube.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>> Linkedin]
>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>> Pinterest]
>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fpinterest.com%2Fglobant%2F&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
>> Globant]
>> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.globant.com%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
>>
>> The information contained in this e-mail may be confidential. It has been
>> sent for the sole use of the intended recipient(s). If the reader of this
>> message is not an intended recipient, you are hereby notified that any
>> unauthorized review, use, disclosure, dissemination, distribution or
>> copying of this communication, or any of its contents,
>> is strictly prohibited. If you have received it by mistake please let us
>> know by e-mail immediately and delete it from your system. Many thanks.
>>
>>
>>
>> La información contenida en este mensaje puede ser confidencial. Ha sido
>> enviada para el uso exclusivo del destinatario(s) previsto. Si el lector de
>> este mensaje no fuera el destinatario previsto, por el presente queda Ud.
>> notificado que cualquier lectura, uso, publicación, diseminación,
>> distribución o copiado de esta comunicación o su contenido está
>> estrictamente prohibido. En caso de que Ud. hubiera recibido este mensaje
>> por error le agradeceremos notificarnos por e-mail inmediatamente y
>> eliminarlo de su sistema. Muchas gracias.
>>
>>
>
--
*Pablo Quetzalcóatl Vázquez*| Software Designer
*GLOBANT*
[image: Facebook]
<http://s.wisestamp.com/links?url=https%3A%2F%2Fwww.facebook.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Twitter]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.twitter.com%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Youtube]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.youtube.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Linkedin]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Pinterest]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fpinterest.com%2Fglobant%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
[image:
Globant]
<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.globant.com%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
--
The information contained in this e-mail may be confidential. It has been
sent for the sole use of the intended recipient(s). If the reader of this
message is not an intended recipient, you are hereby notified that any
unauthorized review, use, disclosure, dissemination, distribution or
copying of this communication, or any of its contents,
is strictly prohibited. If you have received it by mistake please let us
know by e-mail immediately and delete it from your system. Many thanks.
La información contenida en este mensaje puede ser confidencial. Ha sido
enviada para el uso exclusivo del destinatario(s) previsto. Si el lector de
este mensaje no fuera el destinatario previsto, por el presente queda Ud.
notificado que cualquier lectura, uso, publicación, diseminación,
distribución o copiado de esta comunicación o su contenido está
estrictamente prohibido. En caso de que Ud. hubiera recibido este mensaje
por error le agradeceremos notificarnos por e-mail inmediatamente y
eliminarlo de su sistema. Muchas gracias.
Re: Kudu security
Posted by Adar Dembo <ad...@cloudera.com>.
Hi Pablo,
Security features are being actively developed right now, and should
probably make it into the next upstream Kudu release (i.e. 1.3). These
include Kerberos support for authentication as well as TLS for encryption.
If you need more detail I'm sure other folks here can provide it.
Just out of curiosity, what kind of security features do you need? It'd be
good to make sure that what's under development satisfies your needs.
On Tue, Feb 21, 2017 at 7:45 AM, Pablo Vazquez <pa...@globant.com>
wrote:
>
> Hi Kudu Team,
>
> As Kudu does not support any security at this moment, this is a barrier
> for Kudu production deployment for some of the projects.
>
> Just a request to know, when can we expect security in Kudu. It would be
> really helpful if we can have some security feature in next release.
>
> --
> *Pablo Quetzalcóatl Vázquez*| Software Designer
> *GLOBANT*
>
> [image: Facebook]
> <http://s.wisestamp.com/links?url=https%3A%2F%2Fwww.facebook.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Twitter]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.twitter.com%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Youtube]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.youtube.com%2FGlobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Linkedin]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fglobant&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Pinterest]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fpinterest.com%2Fglobant%2F&sn=b3psb3BlekB5YWhvby5jb20%3D> [image:
> Globant]
> <http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.globant.com%2F&sn=b3psb3BlekB5YWhvby5jb20%3D>
>
> The information contained in this e-mail may be confidential. It has been
> sent for the sole use of the intended recipient(s). If the reader of this
> message is not an intended recipient, you are hereby notified that any
> unauthorized review, use, disclosure, dissemination, distribution or
> copying of this communication, or any of its contents,
> is strictly prohibited. If you have received it by mistake please let us
> know by e-mail immediately and delete it from your system. Many thanks.
>
>
>
> La información contenida en este mensaje puede ser confidencial. Ha sido
> enviada para el uso exclusivo del destinatario(s) previsto. Si el lector de
> este mensaje no fuera el destinatario previsto, por el presente queda Ud.
> notificado que cualquier lectura, uso, publicación, diseminación,
> distribución o copiado de esta comunicación o su contenido está
> estrictamente prohibido. En caso de que Ud. hubiera recibido este mensaje
> por error le agradeceremos notificarnos por e-mail inmediatamente y
> eliminarlo de su sistema. Muchas gracias.
>
>