HADOOP-8712. Change default hadoop.security.group.mapping to JniBasedUnixGroupsNetgroupMappingWithFallback. Contributed by Robert Parker.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1433625 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Todd Lipcon 2013-01-15 20:43:35 +00:00
parent 062e39e96b
commit 467e811003
3 changed files with 18 additions and 6 deletions

View File

@ -118,6 +118,9 @@ Release 2.0.3-alpha - Unreleased
HADOOP-9192. Move token related request/response messages to common.
(suresh)
HADOOP-8712. Change default hadoop.security.group.mapping to
JniBasedUnixGroupsNetgroupMappingWithFallback (Robert Parker via todd)
OPTIMIZATIONS
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang

View File

@ -80,9 +80,17 @@
<property>
<name>hadoop.security.group.mapping</name>
<value>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</value>
<value>org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback</value>
<description>
Class for user to group mapping (get groups for a given user) for ACL
Class for user to group mapping (get groups for a given user) for ACL.
The default implementation,
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback,
will determine if the Java Native Interface (JNI) is available. If JNI is
available the implementation will use the API within hadoop to resolve a
list of groups for a user. If JNI is not available then the shell
implementation, ShellBasedUnixGroupsMapping, is used. This implementation
shells out to the Linux/Unix environment with the
<code>bash -c groups</code> command to resolve a list of groups for a user.
</description>
</property>

View File

@ -92,10 +92,11 @@ There is no provision within HDFS for creating user identities, establishing gro
<section><title>Group Mapping</title>
<p>
Once a username has been determined as described above, the list of groups is determined by a <em>group mapping
service</em>, configured by the <code>hadoop.security.group.mapping</code> property.
The default implementation, <code>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</code>, will shell out
to the Unix <code>bash -c groups</code> command to resolve a list of groups for a user.
Once a username has been determined as described above, the list of groups is
determined by a <em>group mapping service</em>, configured by the
<code>hadoop.security.group.mapping</code> property. Refer to the
core-default.xml for details of the <code>hadoop.security.group.mapping</code>
implementation.
</p>
<p>
An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available