[
https://issues.apache.org/jira/browse/HADOOP-4656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12647677#action_12647677
]
Arun C Murthy commented on HADOOP-4656:
---------------------------------------
HADOOP-4348 is switching IPC to use the JAAS Subject rather than UGI (which
will become an internal artifact). While we are adding the user-to-group
mapping service, I propose we change the IPC Client to send the JAAS Subject in
the header rather than UGI, this will also be compatible with the way we will
do Kerberos-based authentication via the GSS API.
> Add a user to groups mapping service
> -------------------------------------
>
> Key: HADOOP-4656
> URL: https://issues.apache.org/jira/browse/HADOOP-4656
> Project: Hadoop Core
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.19.0
> Reporter: Arun C Murthy
> Fix For: 0.20.0
>
>
> Currently the IPC client sends the UGI which contains the user/group
> information for the Server. However this represents the groups for the user
> on the client-end. The more pertinent mapping from user to groups is actually
> the one seen by the Server. Hence the client should only send the user and we
> should add a 'group mapping service' so that the Server can query it for the
> mapping.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
