HADOOP-8712. Change default hadoop.security.group.mapping to JniBasedUnixGroupsNetgroupMappingWithFallback. Contributed by Robert Parker.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1433624 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
2cee917f53
commit
347cf6e176
|
@ -436,6 +436,9 @@ Release 2.0.3-alpha - Unreleased
|
||||||
HADOOP-9192. Move token related request/response messages to common.
|
HADOOP-9192. Move token related request/response messages to common.
|
||||||
(suresh)
|
(suresh)
|
||||||
|
|
||||||
|
HADOOP-8712. Change default hadoop.security.group.mapping to
|
||||||
|
JniBasedUnixGroupsNetgroupMappingWithFallback (Robert Parker via todd)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
|
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
|
||||||
|
|
|
@ -80,9 +80,17 @@
|
||||||
|
|
||||||
<property>
|
<property>
|
||||||
<name>hadoop.security.group.mapping</name>
|
<name>hadoop.security.group.mapping</name>
|
||||||
<value>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</value>
|
<value>org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback</value>
|
||||||
<description>
|
<description>
|
||||||
Class for user to group mapping (get groups for a given user) for ACL
|
Class for user to group mapping (get groups for a given user) for ACL.
|
||||||
|
The default implementation,
|
||||||
|
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback,
|
||||||
|
will determine if the Java Native Interface (JNI) is available. If JNI is
|
||||||
|
available the implementation will use the API within hadoop to resolve a
|
||||||
|
list of groups for a user. If JNI is not available then the shell
|
||||||
|
implementation, ShellBasedUnixGroupsMapping, is used. This implementation
|
||||||
|
shells out to the Linux/Unix environment with the
|
||||||
|
<code>bash -c groups</code> command to resolve a list of groups for a user.
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
|
|
|
@ -92,10 +92,11 @@ There is no provision within HDFS for creating user identities, establishing gro
|
||||||
|
|
||||||
<section><title>Group Mapping</title>
|
<section><title>Group Mapping</title>
|
||||||
<p>
|
<p>
|
||||||
Once a username has been determined as described above, the list of groups is determined by a <em>group mapping
|
Once a username has been determined as described above, the list of groups is
|
||||||
service</em>, configured by the <code>hadoop.security.group.mapping</code> property.
|
determined by a <em>group mapping service</em>, configured by the
|
||||||
The default implementation, <code>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</code>, will shell out
|
<code>hadoop.security.group.mapping</code> property. Refer to the
|
||||||
to the Unix <code>bash -c groups</code> command to resolve a list of groups for a user.
|
core-default.xml for details of the <code>hadoop.security.group.mapping</code>
|
||||||
|
implementation.
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available
|
An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available
|
||||||
|
|
Loading…
Reference in New Issue