If you want to drill down a bit, I recommend read this doc too: http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/GroupsMapping.html <http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/GroupsMapping.html> This is for trunk Hadoop 3.0, but most of it applies to 2.7/2.8
Wei-Chiu Chuang A very happy Clouderan > On Oct 14, 2016, at 11:33 AM, Ravi Prakash <[email protected]> wrote: > > Chen! > > It gets it from whatever is configured on the Namenode. > https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping > > <https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping> > > HTH > Ravi > > On Thu, Oct 13, 2016 at 7:43 PM, chen dong <[email protected] > <mailto:[email protected]>> wrote: > Hi, > > Currently I am working on a project to enhance the security for the Hadoop > cluster. Eventually I will use Kerberos and Sentry for authentication and > authorisation. And the username and group mapping will come from AD/LDAP (?), > I think so. > > But now I am just learning and trying. I have a question and I haven’t figure > it out is > > where the username/group mapping information come from? > > As far as I know there is no username and group name for Hadoop and username > and group name come from the client wherever from local client machine or > Kerberos realm. But it is a little bit vague for me and can I get the > implementation details here? > > Is this information from the machine where HDFS client is located or from the > linux shell username and group on name node? Or it depends on the context - > even related to data node? What if the data nodes and name nodes have > different users or user-group mapping in the local boxes. > > Regards, > > Dong > >
