[jira] Updated: (HADOOP-1701) Provide a simple authentication service and a user management service

Tue, 28 Aug 2007 11:28:00 -0700 

     [ 
https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tsz Wo (Nicholas), SZE updated HADOOP-1701:
-------------------------------------------

    Attachment: simple20070828.patch

- {{design20070828.pdf}}
is a Security Design document for the big picture

- {{guides20070828.pdf}}
is a API & Developer Guides document for Phase 1

- {{1701_20070827c_framework.patch}}
is the framework API

- {{simple20070828.patch}}
is a simple implementation

> Provide a simple authentication service and a user management service
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-1701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1701
>             Project: Hadoop
>          Issue Type: New Feature
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Tsz Wo (Nicholas), SZE
>         Attachments: 1701_20070827c_framework.patch, design20070828.pdf, 
> guides20070828.pdf, simple20070828.patch
>
>
> In HADOOP-1298, we want to add user information and permission to the file 
> system.  It requires an authentication service and a user management service. 
>  We should provide a framework and a simple implementation in issue and 
> extend it later.  As discussed in HADOOP-1298, the framework should be 
> extensible and pluggable.
> - Extensible: possible to extend the framework to the other parts (e.g. 
> map-reduce) of Hadoop.
> - Pluggable: can easily switch security implementations.  Below is a diagram 
> borrowed from Java.
> !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
> - Implement a Hadoop authentication center (HAC).  In the first step, the 
> mechanism of HAC is very simple, it keeps track a list of usernames (we only 
> support users, will work on other principals later) in HAC and verify 
> username in user login (yeah, no password).  HAC can run inside NameNode or 
> run as a stand alone server.   We will probably use Kerberos to provide more 
> sophisticated authentication service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to