HADOOP-8712. Change default hadoop.security.group.mapping to JniBasedUnixGroupsNetgroupMappingWithFallback. Contributed by Robert Parker.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1433625 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
062e39e96b
commit
467e811003
|
@ -118,6 +118,9 @@ Release 2.0.3-alpha - Unreleased
|
|||
HADOOP-9192. Move token related request/response messages to common.
|
||||
(suresh)
|
||||
|
||||
HADOOP-8712. Change default hadoop.security.group.mapping to
|
||||
JniBasedUnixGroupsNetgroupMappingWithFallback (Robert Parker via todd)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
|
||||
|
|
|
@ -80,9 +80,17 @@
|
|||
|
||||
<property>
|
||||
<name>hadoop.security.group.mapping</name>
|
||||
<value>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</value>
|
||||
<value>org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback</value>
|
||||
<description>
|
||||
Class for user to group mapping (get groups for a given user) for ACL
|
||||
Class for user to group mapping (get groups for a given user) for ACL.
|
||||
The default implementation,
|
||||
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback,
|
||||
will determine if the Java Native Interface (JNI) is available. If JNI is
|
||||
available the implementation will use the API within hadoop to resolve a
|
||||
list of groups for a user. If JNI is not available then the shell
|
||||
implementation, ShellBasedUnixGroupsMapping, is used. This implementation
|
||||
shells out to the Linux/Unix environment with the
|
||||
<code>bash -c groups</code> command to resolve a list of groups for a user.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
|
|
|
@ -92,10 +92,11 @@ There is no provision within HDFS for creating user identities, establishing gro
|
|||
|
||||
<section><title>Group Mapping</title>
|
||||
<p>
|
||||
Once a username has been determined as described above, the list of groups is determined by a <em>group mapping
|
||||
service</em>, configured by the <code>hadoop.security.group.mapping</code> property.
|
||||
The default implementation, <code>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</code>, will shell out
|
||||
to the Unix <code>bash -c groups</code> command to resolve a list of groups for a user.
|
||||
Once a username has been determined as described above, the list of groups is
|
||||
determined by a <em>group mapping service</em>, configured by the
|
||||
<code>hadoop.security.group.mapping</code> property. Refer to the
|
||||
core-default.xml for details of the <code>hadoop.security.group.mapping</code>
|
||||
implementation.
|
||||
</p>
|
||||
<p>
|
||||
An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available
|
||||
|
|
Loading…
Reference in New Issue