[
https://issues.apache.org/jira/browse/HADOOP-11683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15129507#comment-15129507
]
roger mak commented on HADOOP-11683:
------------------------------------
bq. This work keeps the behaviour and introduced pluggable provider mechanism
but hasn't provided any plugin provider yet.
You are correct. This work is to provide a configurable hook that will make it
possible for other service providers to develop their plugin provider codes to
do advanced name translation. How to implement the plugin provider codes is
intentionally left to external service providers. Does it make sense?
> Need a plugin API to translate long principal names to local OS user names
> arbitrarily
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-11683
> URL: https://issues.apache.org/jira/browse/HADOOP-11683
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.6.0
> Reporter: Sunny Cheung
> Assignee: roger mak
> Attachments: HADOOP-11683.001.patch, HADOOP-11683.002.patch,
> HADOOP-11683.003.patch
>
>
> We need a plugin API to translate long principal names (e.g.
> [email protected]) to local OS user names (e.g. user123456) arbitrarily.
> For some organizations the name translation is straightforward (e.g.
> [email protected] to john_doe), and the hadoop.security.auth_to_local
> configurable mapping is sufficient to resolve this (see HADOOP-6526).
> However, in some other cases the name translation is arbitrary and cannot be
> generalized by a set of translation rules easily.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
