You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Chuan Liu (JIRA)" <ji...@apache.org> on 2013/06/02 21:34:21 UTC

[jira] [Commented] (HADOOP-8455) Address user name format on domain joined Windows machines

    [ https://issues.apache.org/jira/browse/HADOOP-8455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13672653#comment-13672653 ] 

Chuan Liu commented on HADOOP-8455:
-----------------------------------

This JIRA mainly targets unseucre HADOOP; The configuration suggested by [~owen.omalley] is for secure Hadoop, and does not apply here.

I have given this issue some new thoughts. We can solve this issue with the following two rules.

1) If the user is a local user, remove the machine prefix and use only its user name as the ID in Hadoop, e.g. 'Win1\Alex' and 'Win2\Alex' will both be identified as 'Alex' in Hadoop. For service accounts on the machine, like 'NT AUTHORITY\SYSTEM', we can include the prefix as there is no machine name in the ID.

2) If the user is a domain user, use the full name include domain as its ID, e.g. 'Redmond\Alex' will be used in Hadoop to represent the user.

One important scenario for unsecure Hadoop is to allow local users of the same name to run Hadoop cluster without a domain controller. For example, users can create local user 'Alex' on the two machines 'Win1' and 'Win2', and run Hadoop under the local user 'Alex'. With rule 1) above, we can be consistent with this usage because 'Win1\Alex' and 'Win2\Alex' will be recognized as 'Alex' in Hadoop.

With rule 2), we can distinguish local user and domain user in Hadoop thus solve the issue of this JIRA. Since domain user representation is consistent across machines, the domain user scenarios will not be affected. 


                
> Address user name format on domain joined Windows machines
> ----------------------------------------------------------
>
>                 Key: HADOOP-8455
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8455
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: native
>    Affects Versions: 1.1.0, 0.24.0
>            Reporter: Chuan Liu
>            Assignee: Ivan Mitic
>            Priority: Minor
>
> For a domain joined Windows machine, user name along is not a unique identifier. User name plus domain name is need in order to unique identify the user. For example, we can have both ‘Win1\Alex’ and ‘Redmond\Alex’ on a computer named Win1 that joins Redmond domain. In order to avoid ambiguity, ‘whoami’ on Windows and the new ‘winutils’ created in [Hadoop-8235|https://issues.apache.org/jira/browse/HADOOP-8235] both return [domain]\[username] as the username. In Hadoop, we only use user name right now. This may lead to some inconsistency, and production bugs if users of the same name exist on the machine.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira