Currently I am working on a project to enhance the security for the Hadoop
cluster. Eventually I will use Kerberos and Sentry for authentication and
authorisation. And the username and group mapping will come from AD/LDAP (?), I
But now I am just learning and trying. I have a question and I haven’t figure
it out is
where the username/group mapping information come from?
As far as I know there is no username and group name for Hadoop and username
and group name come from the client wherever from local client machine or
Kerberos realm. But it is a little bit vague for me and can I get the
implementation details here?
Is this information from the machine where HDFS client is located or from the
linux shell username and group on name node? Or it depends on the context -
even related to data node? What if the data nodes and name nodes have different
users or user-group mapping in the local boxes.