hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9134) Unified server side user groups mapping service
Date Tue, 11 Dec 2012 23:09:40 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529460#comment-13529460
] 

Kai Zheng commented on HADOOP-9134:
-----------------------------------

So how to improve to avoid these issues, this proposes to expose and provide the user group
mapping service in NameNode server to all other nodes and clients. In details in low level:
1. Come up a client side Groups class which extends Groups class and utilizes the GetUserMappingsProtocol
for the implementation;
2. Have a switch configuration to enable or disable this feature, like
hadoop.security.mapping.serverside.enable: true/false
3. Change org.apache.hadoop.security.Groups.getUserToGroupsMappingService(), which respects
the switch.
if serverside mapping is enabled, it returns the client side Groups implementation. Otherwise
as normal.
4. In this way UserGroupInformation and client codes won't be affected. No compatible issue
here.

For performance impact, groups cache mechanism can be applied so that most often user's groups
are still be retrieved at client side in the cache.
                
> Unified server side user groups mapping service
> -----------------------------------------------
>
>                 Key: HADOOP-9134
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9134
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.0.3-alpha
>            Reporter: Kai Zheng
>
> This proposes to provide/expose the server side user group mapping service in NameNode
to clients so that user group mapping can be kept in the single place and thus unified in
all nodes and clients.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message