Hadoop Kerberos security implementation
Enforcing security within a distributed system such as Hadoop is complex. The detailed requirements for securing Hadoop were identified by Owen O'Malley and others as part of the Hadoop security design. The full design document is attached to the ticket HADOOP-4487 at https://issues.apache.org/jira/browse/HADOOP-4487. This section summarizes those requirements.
User-level access controls
The user-level access controls can be summarized as follows:
Users of Hadoop should only be able to access data that is authorized for them
Only authenticated users should be able to submit jobs to the Hadoop cluster
Users should be able to view, modify, and kill only their own jobs
Only authenticated services should be able to register themselves as DataNodes or TaskTrackers
Data block access within a DataNode needs to be secured, and only authenticated users should be able to access the data stored in the Hadoop cluster
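The job-related controls above (view, modify and kill only your own jobs) are what Hadoop's per-job ACLs enforce. The following Python is an added illustration written for this section, not Hadoop's own code: it models the ACL string syntax Hadoop uses for mapreduce.job.acl-view-job and mapreduce.job.acl-modify-job ("user1,user2 group1,group2"; "*" allows everyone; a lone space allows only the job owner and cluster administrators) and applies it to constructed sample users and jobs. The Principal, Job, parse_acl and is_authorized names are assumptions of the example.

```python
"""Toy authorization check for the user-level job controls.

Added example, not Hadoop's code. Mirrors the Hadoop ACL string format:
users before the first space, groups after it, "*" for everyone, and a lone
space meaning owner and cluster administrators only. All data is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """A caller that has already authenticated (for example via Kerberos)."""
    user: str
    groups: frozenset = frozenset()


@dataclass(frozen=True)
class Acl:
    users: frozenset
    groups: frozenset
    everyone: bool = False

    def permits(self, p: Principal) -> bool:
        return self.everyone or p.user in self.users or bool(p.groups & self.groups)


def parse_acl(acl: str) -> Acl:
    """Parse a Hadoop-style ACL string: users before the first space, groups after."""
    parts = acl.split(" ", 1)
    if any(part.strip() == "*" for part in parts):
        return Acl(frozenset(), frozenset(), everyone=True)
    users = frozenset(u.strip() for u in parts[0].split(",") if u.strip())
    groups = frozenset()
    if len(parts) == 2:
        groups = frozenset(g.strip() for g in parts[1].split(",") if g.strip())
    return Acl(users, groups)


@dataclass
class Job:
    job_id: str
    owner: str
    view_acl: str = " "    # default: owner and cluster admins only
    modify_acl: str = " "


# Each operation is governed by one of the two job ACLs; killing is a modification.
OPERATION_ACL = {"view": "view_acl", "modify": "modify_acl", "kill": "modify_acl"}


def is_authorized(caller: Principal, job: Job, operation: str,
                  cluster_admins: frozenset = frozenset()) -> bool:
    """The owner and cluster administrators always pass; anyone else needs the job ACL."""
    if operation not in OPERATION_ACL:
        raise ValueError(f"unknown operation {operation!r}")
    if caller.user == job.owner or caller.user in cluster_admins:
        return True
    return parse_acl(getattr(job, OPERATION_ACL[operation])).permits(caller)


# Constructed sample data: one job with default ACLs, one the owner opened
# for the "analysts" group to view (but not modify).
ADMINS = frozenset({"hadoopadmin"})
JOBS = {
    "job_1": Job("job_1", owner="alice"),
    "job_2": Job("job_2", owner="alice", view_acl=" analysts"),
}


def filter_visible(caller: Principal, jobs=JOBS, admins=ADMINS):
    """The job list a caller should see: only the jobs they may view."""
    return sorted(j.job_id for j in jobs.values()
                  if is_authorized(caller, j, "view", admins))


if __name__ == "__main__":
    alice = Principal("alice")
    bob = Principal("bob", frozenset({"analysts"}))
    print(filter_visible(alice))                       # ['job_1', 'job_2']
    print(filter_visible(bob))                         # ['job_2']
    print(is_authorized(bob, JOBS["job_2"], "kill"))   # False
```

The default of a lone space is the important setting: with it, a user who is not the owner or a cluster administrator sees nothing and can change nothing, which is exactly the "only their own jobs" requirement. Opening the view ACL to a group does not grant kill or modify rights, since those are checked against the separate modify ACL.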
Service-level access controls
Here's a gist of the service...