[
https://issues.apache.org/jira/browse/HADOOP-18627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17689329#comment-17689329
]
ASF GitHub Bot commented on HADOOP-18627:
-----------------------------------------
steveloughran commented on code in PR #5406:
URL: https://github.com/apache/hadoop/pull/5406#discussion_r1107678292
##########
hadoop-common-project/hadoop-common/src/site/markdown/SecureMode.md:
##########
@@ -20,7 +20,9 @@ Hadoop in Secure Mode
Introduction
------------
-This document describes how to configure authentication for Hadoop in secure
mode. When Hadoop is configured to run in secure mode, each Hadoop service and
each user must be authenticated by Kerberos.
+In its default configuration, we expect you to make sure attackers don't have
access to your Hadoop deployment by restricting all network access. If you want
to expose Hadoop to untrusted users, you will have to configure authentication
for Hadoop in secure mode as described in this document.
Review Comment:
I don't think people cloud deployments realise they've exposed their hadoop
services to the world, so we need to be a bit more explicit here.
> site intro docs to make clear Kerberos is mandatory for secure clusters
> -----------------------------------------------------------------------
>
> Key: HADOOP-18627
> URL: https://issues.apache.org/jira/browse/HADOOP-18627
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: site
> Affects Versions: 3.3.4
> Reporter: Steve Loughran
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.3.5
>
>
> make extra clear in the intro docs that you need to turn kerberos on or run a
> private network where all accessors have unrestricted access to all storage
> and compute.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
