If you want to drill down a bit, I recommend read this doc too:
This is for trunk Hadoop 3.0, but most of it applies to 2.7/2.8
A very happy Clouderan
> On Oct 14, 2016, at 11:33 AM, Ravi Prakash <ravihad...@gmail.com> wrote:
> It gets it from whatever is configured on the Namenode.
> On Thu, Oct 13, 2016 at 7:43 PM, chen dong <chendong...@gmail.com
> <mailto:chendong...@gmail.com>> wrote:
> Currently I am working on a project to enhance the security for the Hadoop
> cluster. Eventually I will use Kerberos and Sentry for authentication and
> authorisation. And the username and group mapping will come from AD/LDAP (?),
> I think so.
> But now I am just learning and trying. I have a question and I haven’t figure
> it out is
> where the username/group mapping information come from?
> As far as I know there is no username and group name for Hadoop and username
> and group name come from the client wherever from local client machine or
> Kerberos realm. But it is a little bit vague for me and can I get the
> implementation details here?
> Is this information from the machine where HDFS client is located or from the
> linux shell username and group on name node? Or it depends on the context -
> even related to data node? What if the data nodes and name nodes have
> different users or user-group mapping in the local boxes.