hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boris Shkolnik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-4656) Add a user to groups mapping service
Date Sat, 21 Nov 2009 00:43:39 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-4656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12780849#action_12780849
] 

Boris Shkolnik commented on HADOOP-4656:
----------------------------------------

This patch will create two versions of SecurityUtil.getSubject. One that builds list of group
principles from UGI group list and another one that builds the list from UNIX id command.
Do we really need the first one? I suggest we remove it.

> Add a user to groups mapping service 
> -------------------------------------
>
>                 Key: HADOOP-4656
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4656
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.19.0
>            Reporter: Arun C Murthy
>            Assignee: Boris Shkolnik
>         Attachments: HADOOP-4656.patch, HADOOP-4656_0_20090108.patch
>
>
> Currently the IPC client sends the UGI which contains the user/group information for
the Server. However this represents the groups for the user on the client-end. The more pertinent
mapping from user to groups is actually the one seen by the Server. Hence the client should
only send the user and we should add a 'group mapping service' so that the Server can query
it for the mapping.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message