[
https://issues.apache.org/jira/browse/HDFS-7146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14161105#comment-14161105
]
Yongjun Zhang commented on HDFS-7146:
-------------------------------------
Hi [~aw],
About the username pattern allowed on different platforms, there were
discussion in HDFS-4983 and HDFS-4733:
{quote}
Alejandro Abdelnur added a comment - 04/Dec/13 17:01
Allowed usernames are the OS allowed user names. Different versions of
Unix/Linux have different restrictions by default. This was discussed when this
was done for httpfs. Refer to HDFS-4733 for details.
{quote}
I agree with you that ideally all allowed usernames would comply with the same
convention, that would make our life much easier. However, if user already had
the numerical usernames, we probably have to support. To ask them to change
user name is going to be much harder than for us to support it:-) That's what
HDFS-4983 and HDFS-4733 about.
Would you please also address the questions I asked in "Another thought Allen
Wittenauer," comment above?
Thanks a lot.
> NFS ID/Group lookup requires SSSD enumeration on the server
> -----------------------------------------------------------
>
> Key: HDFS-7146
> URL: https://issues.apache.org/jira/browse/HDFS-7146
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: nfs
> Affects Versions: 2.6.0
> Reporter: Yongjun Zhang
> Assignee: Yongjun Zhang
> Attachments: HDFS-7146.001.patch, HDFS-7146.002.allIncremental.patch,
> HDFS-7146.003.patch
>
>
> The current implementation of the NFS UID and GID lookup works by running
> 'getent passwd' with an assumption that it will return the entire list of
> users available on the OS, local and remote (AD/etc.).
> This behaviour of the command is advised to be and is prevented by
> administrators in most secure setups to avoid excessive load to the ADs
> involved, as the # of users to be listed may be too large, and the repeated
> requests of ALL users not present in the cache would be too much for the AD
> infrastructure to bear.
> The NFS server should likely do lookups based on a specific UID request, via
> 'getent passwd <UID>', if the UID does not match a cached value. This reduces
> load on the LDAP backed infrastructure.
> Thanks [~qwertymaniac] for reporting the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
