Currently I am working on a project to enhance the security for the Hadoop 
cluster. Eventually I will use Kerberos and Sentry for authentication and 
authorisation. And the username and group mapping will come from AD/LDAP (?), I 
think so. 

But now I am just learning and trying. I have a question and I haven’t figure 
it out is

where the username/group mapping information come from? 

As far as I know there is no username and group name for Hadoop and username 
and group name come from the client wherever from local client machine or 
Kerberos realm. But it is a little bit vague for me and can I get the 
implementation details here? 

Is this information from the machine where HDFS client is located or from the 
linux shell username and group on name node?  Or it depends on the context - 
even related to data node? What if the data nodes and name nodes have different 
users or user-group mapping in the local boxes. 



Reply via email to