You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Boris Shkolnik (JIRA)" <ji...@apache.org> on 2009/11/21 01:43:39 UTC
[jira] Commented: (HADOOP-4656) Add a user to groups mapping
service
[ https://issues.apache.org/jira/browse/HADOOP-4656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12780849#action_12780849 ]
Boris Shkolnik commented on HADOOP-4656:
----------------------------------------
This patch will create two versions of SecurityUtil.getSubject. One that builds list of group principles from UGI group list and another one that builds the list from UNIX id command. Do we really need the first one? I suggest we remove it.
> Add a user to groups mapping service
> -------------------------------------
>
> Key: HADOOP-4656
> URL: https://issues.apache.org/jira/browse/HADOOP-4656
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.19.0
> Reporter: Arun C Murthy
> Assignee: Boris Shkolnik
> Attachments: HADOOP-4656.patch, HADOOP-4656_0_20090108.patch
>
>
> Currently the IPC client sends the UGI which contains the user/group information for the Server. However this represents the groups for the user on the client-end. The more pertinent mapping from user to groups is actually the one seen by the Server. Hence the client should only send the user and we should add a 'group mapping service' so that the Server can query it for the mapping.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.