[
https://issues.apache.org/jira/browse/HADOOP-11683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14360037#comment-14360037
]
Sunny Cheung commented on HADOOP-11683:
---------------------------------------
bq. Be aware that HadoopKerberosName is now exposed to users in trunk. We
should make sure that the solution here also works there.
Yes, we are aware of this too. Just to confirm, since KerberosName and
HadoopKerberosName are intended for HDFS and MapReduce projects only (as
defined in LimitedPrivate), do we have the option to refactor these classes
(and maybe provide an interface similar to GroupMappingServiceProvider)? Thanks.
> Need a plugin API to translate long principal names to local OS user names
> arbitrarily
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-11683
> URL: https://issues.apache.org/jira/browse/HADOOP-11683
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Sunny Cheung
> Assignee: Sunny Cheung
>
> We need a plugin API to translate long principal names (e.g.
> john....@example.com) to local OS user names (e.g. user123456) arbitrarily.
> For some organizations the name translation is straightforward (e.g.
> john....@example.com to john_doe), and the hadoop.security.auth_to_local
> configurable mapping is sufficient to resolve this (see HADOOP-6526).
> However, in some other cases the name translation is arbitrary and cannot be
> generalized by a set of translation rules easily.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
