You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Arun C Murthy (JIRA)" <ji...@apache.org> on 2008/11/14 18:38:44 UTC
[jira] Commented: (HADOOP-4656) Add a user to groups mapping
service
[ https://issues.apache.org/jira/browse/HADOOP-4656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12647677#action_12647677 ]
Arun C Murthy commented on HADOOP-4656:
---------------------------------------
HADOOP-4348 is switching IPC to use the JAAS Subject rather than UGI (which will become an internal artifact). While we are adding the user-to-group mapping service, I propose we change the IPC Client to send the JAAS Subject in the header rather than UGI, this will also be compatible with the way we will do Kerberos-based authentication via the GSS API.
> Add a user to groups mapping service
> -------------------------------------
>
> Key: HADOOP-4656
> URL: https://issues.apache.org/jira/browse/HADOOP-4656
> Project: Hadoop Core
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.19.0
> Reporter: Arun C Murthy
> Fix For: 0.20.0
>
>
> Currently the IPC client sends the UGI which contains the user/group information for the Server. However this represents the groups for the user on the client-end. The more pertinent mapping from user to groups is actually the one seen by the Server. Hence the client should only send the user and we should add a 'group mapping service' so that the Server can query it for the mapping.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.