[ https://issues.apache.org/jira/browse/HDFS-7146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14154223#comment-14154223 ]

Yongjun Zhang commented on HDFS-7146:
-------------------------------------

Hi [~brandonli],

Thanks a lot for the review and comments!

I think you made a very good point. One problem I found when doing the test is, 
for a numerical user name, "getent passwd <username>" would return nothing, 
however, the initial initialization code will catch it correctly. So it looks like 
we can't totally take the initialization out. That said, keeping the 
initialization part would help this issue I described, but may not completely 
fix it because of the issue reported by this jira (i.e., the initial list may 
not be complete). 

What about we keep the initialization part for now, and decide whether we can 
drop it later? This way, the impact of this jira fix is minimized: all stuff 
that worked should continue to work, and the issue reported by this jira will 
be fixed by the change?

Thanks again.





> NFS ID/Group lookup requires SSSD enumeration on the server
> -----------------------------------------------------------
>
>                 Key: HDFS-7146
>                 URL: https://issues.apache.org/jira/browse/HDFS-7146
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: nfs
>    Affects Versions: 2.6.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>         Attachments: HDFS-7146.001.patch
>
>
> The current implementation of the NFS UID and GID lookup works by running 
> 'getent passwd' with an assumption that it will return the entire list of 
> users available on the OS, local and remote (AD/etc.).
> This behaviour of the command is advised to be and is prevented by 
> administrators in most secure setups to avoid excessive load to the ADs 
> involved, as the # of users to be listed may be too large, and the repeated 
> requests of ALL users not present in the cache would be too much for the AD 
> infrastructure to bear.
> The NFS server should likely do lookups based on a specific UID request, via 
> 'getent passwd <UID>', if the UID does not match a cached value. This reduces 
> load on the LDAP backed infrastructure.
> Thanks [~qwertymaniac] for reporting the issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
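
The lookup strategy discussed in this thread (keep the initial list, fall back to `getent passwd <key>` on a cache miss), as an added Python example that is not the HDFS-7146 patch or any Hadoop code. `IdMap`, `parse_passwd`, `getent_passwd` and `SAMPLE_INITIAL` are hypothetical names, and the check that a returned record really matches the requested key is an assumption added here so that a numeric user name answered by UID is never cached as a name match.

```python
import subprocess

# Constructed sample of the initial list; it includes a numeric user name.
SAMPLE_INITIAL = "root:x:0:0::/root:/bin/sh\n1234:x:5001:5001::/home/1234:/bin/sh\n"

def parse_passwd(text):
    """Parse passwd-format lines into (name, uid) pairs, skipping malformed lines."""
    rows = (line.split(":") for line in text.splitlines())
    return [(f[0], int(f[2])) for f in rows if len(f) >= 3 and f[0] and f[2].isdecimal()]

def getent_passwd(key):
    """Run 'getent passwd <key>'; a non-zero exit (key not found) yields ''."""
    r = subprocess.run(["getent", "passwd", str(key)], capture_output=True, text=True)
    return r.stdout if r.returncode == 0 else ""

class IdMap:
    def __init__(self, initial_text, lookup=getent_passwd):
        self.by_uid, self.by_name = {}, {}
        self.lookup = lookup
        self.calls = 0          # per-key backend lookups issued so far
        self.negative = set()   # keys already known to be absent
        self._merge(parse_passwd(initial_text))

    def _merge(self, pairs):
        for name, uid in pairs:
            self.by_uid.setdefault(uid, name)   # first entry wins
            self.by_name.setdefault(name, uid)

    def _fetch(self, key):
        if key in self.negative:
            return
        self.calls += 1
        pairs = parse_passwd(self.lookup(key))
        # Keep only a record matching the key's own type: uid for an int key,
        # name for a str key. Anything else is treated as "not found".
        pairs = [(n, u) for n, u in pairs if (u if isinstance(key, int) else n) == key]
        if not pairs:
            self.negative.add(key)
        self._merge(pairs)

    def name_for_uid(self, uid):
        if uid not in self.by_uid:
            self._fetch(uid)
        return self.by_uid.get(uid)

    def uid_for_name(self, name):
        if name not in self.by_name:
            self._fetch(name)
        return self.by_name.get(name)
```

The negative set in this example never expires; a long-running server would need to age it out so newly created accounts become visible.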
