[
https://issues.apache.org/jira/browse/HADOOP-11683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14354240#comment-14354240
]
Kai Zheng commented on HADOOP-11683:
------------------------------------
bq.What do we mean by modular approach vs. user code here ?
I mean by having an interface here, we can have different modular
implementation classes for each mechanism, instead of mixing all of mechanisms
together in one *BIG* class.
bq.Perhaps the plugin could forward requests to a local daemon with cache
capability
I'm not sure that would eliminate the necessity of caching results in Java
side, particularly considering external daemon or service might not be
connectable or reliable to NameNode.
> Need a plugin API to translate long principal names to local OS user names
> arbitrarily
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-11683
> URL: https://issues.apache.org/jira/browse/HADOOP-11683
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Sunny Cheung
>
> We need a plugin API to translate long principal names (e.g.
> john....@example.com) to local OS user names (e.g. user123456) arbitrarily.
> For some organizations the name translation is straightforward (e.g.
> john....@example.com to john_doe), and the hadoop.security.auth_to_local
> configurable mapping is sufficient to resolve this (see HADOOP-6526).
> However, in some other cases the name translation is arbitrary and cannot be
> generalized by a set of translation rules easily.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
