[
https://issues.apache.org/jira/browse/HADOOP-8455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13672653#comment-13672653
]
Chuan Liu commented on HADOOP-8455:
-----------------------------------
This JIRA mainly targets unseucre HADOOP; The configuration suggested by
[~owen.omalley] is for secure Hadoop, and does not apply here.
I have given this issue some new thoughts. We can solve this issue with the
following two rules.
1) If the user is a local user, remove the machine prefix and use only its user
name as the ID in Hadoop, e.g. 'Win1\Alex' and 'Win2\Alex' will both be
identified as 'Alex' in Hadoop. For service accounts on the machine, like 'NT
AUTHORITY\SYSTEM', we can include the prefix as there is no machine name in the
ID.
2) If the user is a domain user, use the full name include domain as its ID,
e.g. 'Redmond\Alex' will be used in Hadoop to represent the user.
One important scenario for unsecure Hadoop is to allow local users of the same
name to run Hadoop cluster without a domain controller. For example, users can
create local user 'Alex' on the two machines 'Win1' and 'Win2', and run Hadoop
under the local user 'Alex'. With rule 1) above, we can be consistent with this
usage because 'Win1\Alex' and 'Win2\Alex' will be recognized as 'Alex' in
Hadoop.
With rule 2), we can distinguish local user and domain user in Hadoop thus
solve the issue of this JIRA. Since domain user representation is consistent
across machines, the domain user scenarios will not be affected.
> Address user name format on domain joined Windows machines
> ----------------------------------------------------------
>
> Key: HADOOP-8455
> URL: https://issues.apache.org/jira/browse/HADOOP-8455
> Project: Hadoop Common
> Issue Type: Bug
> Components: native
> Affects Versions: 1.1.0, 0.24.0
> Reporter: Chuan Liu
> Assignee: Ivan Mitic
> Priority: Minor
>
> For a domain joined Windows machine, user name along is not a unique
> identifier. User name plus domain name is need in order to unique identify
> the user. For example, we can have both ‘Win1\Alex’ and ‘Redmond\Alex’ on a
> computer named Win1 that joins Redmond domain. In order to avoid ambiguity,
> ‘whoami’ on Windows and the new ‘winutils’ created in
> [Hadoop-8235|https://issues.apache.org/jira/browse/HADOOP-8235] both return
> [domain]\[username] as the username. In Hadoop, we only use user name right
> now. This may lead to some inconsistency, and production bugs if users of the
> same name exist on the machine.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
