hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashu Pachauri (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13832) Implement a file-based GroupMappingServiceProvider
Date Wed, 23 Nov 2016 23:59:58 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15691712#comment-15691712

Ashu Pachauri commented on HADOOP-13832:

The patch reloads whatever it can read from a malformed config. This potentially exposes us
to move from a complete configuration to an incomplete one. We would want to reject everything
in a malformed mappings file rather than loading incomplete data.
Everything else looks good to me.

> Implement a file-based GroupMappingServiceProvider
> --------------------------------------------------
>                 Key: HADOOP-13832
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13832
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Gary Helmling
>         Attachments: HADOOP-13832.branch-2.7.001.patch
> In can be useful to decouple Hadoop group membership resolution from OS-level group memberships,
without having to depend on an external system like LDAP.
> I'd like to propose a file-based group mapping implementation, which will read group
membership information from a configured file path on the local filesystem, reloading periodically
for changes.  For simplicity, it will use the same file format as /etc/group.
> I'm aware of the option for static mappings in core-site.xml, but maintaining these in
an xml file is cumbersome and these are not reloadable.  Having a built-in file-based implementation
will also make this more usable in other systems relying on Hadoop security tooling, such
as HBase.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message