Home Forums Security Security in HDP for Windows

This topic contains 2 replies, has 2 voices, and was last updated by  Xiaomin Deng 1 month, 1 week ago.

  • Creator
    Topic
  • #47629

    Xiaomin Deng
    Participant

    Hi, I’m playing with HDP for windows, and have 2 questions about security.
    1. Kerberos Authentication: How to configure the HDP to use windows Kerberos authentication? I saw all documents is about configure kereros in linux/CenterOS. But in windows AD, there is already one KDC in the domain controller, and we never manually generate the key tab files.
    2. The account for running Map Reduce job. Currently, what i saw is the process of MR job is running with the same account (hadoop) as the taskTracker service, but not the account of the job owner. If i write some malicious code in the MR job, the code can directly access local FS or HDFS in the security context of “hadoop” user. And “hadoop” user is actually the super account in hadoop system. This is big security issue. What we can do with this?

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #50266

    Xiaomin Deng
    Participant

    Vinary,

    Thanks for your reply.
    For question #1, i have successfully set up the Kerberos auth on windows by manually configuring java Kerberos config and exporting the key tab files. Do you have plan to improve this?
    Will #2 be implemented by written windows version container launcher which can do impersonation for running the processes.

    Collapse
    #49123

    Vinay Shukla
    Participant

    HDP for Windows doesn’t yet have the security parity with Linux. We plan to deliver it 1stHalf of 2014.

    Collapse
Viewing 2 replies - 1 through 2 (of 2 total)