[
https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Chansler updated HADOOP-1701:
------------------------------------
Component/s: dfs
> Provide a security framework design
> -----------------------------------
>
> Key: HADOOP-1701
> URL: https://issues.apache.org/jira/browse/HADOOP-1701
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs
> Affects Versions: 0.15.0
> Reporter: Tsz Wo (Nicholas), SZE
> Assignee: Tsz Wo (Nicholas), SZE
> Fix For: 0.16.0
>
> Attachments: 1701_20071109.patch
>
>
> Only provide a security framework as described below. A simple
> implementation will be provided in HADOOP-2229.
> h4._Previous Description_
> In HADOOP-1298, we want to add user information and permission to the file
> system. It requires an authentication service and a user management service.
> We should provide a framework and a simple implementation in issue and
> extend it later. As discussed in HADOOP-1298, the framework should be
> extensible and pluggable.
> - Extensible: possible to extend the framework to the other parts (e.g.
> map-reduce) of Hadoop.
> - Pluggable: can easily switch security implementations. Below is a diagram
> borrowed from Java.
> !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
> - Implement a Hadoop authentication center (HAC). In the first step, the
> mechanism of HAC is very simple, it keeps track a list of usernames (we only
> support users, will work on other principals later) in HAC and verify
> username in user login (yeah, no password). HAC can run inside NameNode or
> run as a stand alone server. We will probably use Kerberos to provide more
> sophisticated authentication service.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
