[
https://issues.apache.org/jira/browse/HADOOP-9134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13529460#comment-13529460
]
Kai Zheng commented on HADOOP-9134:
-----------------------------------
So how to improve to avoid these issues, this proposes to expose and provide
the user group mapping service in NameNode server to all other nodes and
clients. In details in low level:
1. Come up a client side Groups class which extends Groups class and utilizes
the GetUserMappingsProtocol for the implementation;
2. Have a switch configuration to enable or disable this feature, like
hadoop.security.mapping.serverside.enable: true/false
3. Change org.apache.hadoop.security.Groups.getUserToGroupsMappingService(),
which respects the switch.
if serverside mapping is enabled, it returns the client side Groups
implementation. Otherwise as normal.
4. In this way UserGroupInformation and client codes won't be affected. No
compatible issue here.
For performance impact, groups cache mechanism can be applied so that most
often user's groups are still be retrieved at client side in the cache.
> Unified server side user groups mapping service
> -----------------------------------------------
>
> Key: HADOOP-9134
> URL: https://issues.apache.org/jira/browse/HADOOP-9134
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.3-alpha
> Reporter: Kai Zheng
>
> This proposes to provide/expose the server side user group mapping service in
> NameNode to clients so that user group mapping can be kept in the single
> place and thus unified in all nodes and clients.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
