RE: Security issue: hadoop fs shell bypass authentication?

2010-03-08 Thread Michael Segel
Date: Sun, 7 Mar 2010 22:36:30 -0800 Subject: Re: Security issue: hadoop fs shell bypass authentication? From: awittena...@linkedin.com To: common-user@hadoop.apache.org Any user with access can impersonate any other user, including the hadoop root user, without something like

Re: Security issue: hadoop fs shell bypass authentication?

2010-03-08 Thread Allen Wittenauer
On 3/8/10 11:06 AM, Michael Segel michael_se...@hotmail.com wrote: The other issue is how secure is 'secure enough' ? If you limit the physical access to the cloud, limit connectivity to the cloud to certain 'choke' points, and then authenticate at the client level prior to connection,

Re: Security issue: hadoop fs shell bypass authentication?

2010-03-07 Thread Allen Wittenauer
On 3/6/10 10:41 PM, jiang licht licht_ji...@yahoo.com wrote: I can feel that pain, Kerberos needs you to pull more hair from your head :) I worked on it a while back and now only remember bit of it. The only other real choice is PKI. CRLs? Blech. I'd much rather tie the grid into my

Re: Security issue: hadoop fs shell bypass authentication?

2010-03-06 Thread Owen O'Malley
On Mar 5, 2010, at 4:49 PM, Allen Wittenauer wrote: On 3/5/10 1:57 PM, jiang licht licht_ji...@yahoo.com wrote: So, this means that hadoop fs shell does not require any authentication and can be fired from anywhere? There is no authentication/security layer in any released version of

Re: Security issue: hadoop fs shell bypass authentication?

2010-03-06 Thread jiang licht
Good to know and look forward to seeing next release of hadoop with such new security features...   Thanks, -- Michael --- On Sat, 3/6/10, Owen O'Malley omal...@apache.org wrote: From: Owen O'Malley omal...@apache.org Subject: Re: Security issue: hadoop fs shell bypass authentication

Re: Security issue: hadoop fs shell bypass authentication?

2010-03-06 Thread Huy Phan
, -- Michael --- On Sat, 3/6/10, Owen O'Malleyomal...@apache.org wrote: From: Owen O'Malleyomal...@apache.org Subject: Re: Security issue: hadoop fs shell bypass authentication? To: common-user@hadoop.apache.org Date: Saturday, March 6, 2010, 2:20 AM On Mar 5, 2010, at 4:49 PM, Allen Wittenauer

Re: Security issue: hadoop fs shell bypass authentication?

2010-03-06 Thread Edward Capriolo
with such new security features... � Thanks, -- Michael --- On Sat, 3/6/10, Owen O'Malleyomal...@apache.org wrote: From: Owen O'Malleyomal...@apache.org Subject: Re: Security issue: hadoop fs shell bypass authentication? To: common-user@hadoop.apache.org Date: Saturday, March 6, 2010, 2:20

Re: Security issue: hadoop fs shell bypass authentication?

2010-03-06 Thread jiang licht
using, so, no worry actually ... Thank, -- Michael --- On Sat, 3/6/10, Edward Capriolo edlinuxg...@gmail.com wrote: From: Edward Capriolo edlinuxg...@gmail.com Subject: Re: Security issue: hadoop fs shell bypass authentication? To: common-user@hadoop.apache.org Date: Saturday, March 6, 2010, 8

Security issue: hadoop fs shell bypass authentication?

2010-03-05 Thread jiang licht
I am considering the following problem: if someone knows the master and ports of a hadoop cluster, is he able to run hadoop fs shell to read/write/update/delete data in the cluster without any authentication? Ofcoz, the cluster should be built on top of an isolated island of private network,