Last I heard, the API could be suborned in this scenario. Real credential based identity would be needed to provide more than this.
The hack would involve a changed hadoop library that lies about identity. This would not be difficult to do. On Wed, Jul 22, 2009 at 11:45 PM, Mathias Herberts < mathias.herbe...@gmail.com> wrote: > You can simply set up some bastion hosts which are trusted and from > which jobs can be run. > > Then let users connect to these hosts using a secure mechanism such as SSH > keys. > > You can then create users/groups on those bastion hosts and have > permissions on your HDFS files that use those credentials. > -- Ted Dunning, CTO DeepDyve
