If you want to drill down a bit, I recommend read this doc too: 
This is for trunk Hadoop 3.0, but most of it applies to 2.7/2.8

Wei-Chiu Chuang
A very happy Clouderan

> On Oct 14, 2016, at 11:33 AM, Ravi Prakash <ravihad...@gmail.com> wrote:
> Chen! 
> It gets it from whatever is configured on the Namenode. 
> https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping
> <https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping>
> Ravi
> On Thu, Oct 13, 2016 at 7:43 PM, chen dong <chendong...@gmail.com 
> <mailto:chendong...@gmail.com>> wrote:
> Hi, 
> Currently I am working on a project to enhance the security for the Hadoop 
> cluster. Eventually I will use Kerberos and Sentry for authentication and 
> authorisation. And the username and group mapping will come from AD/LDAP (?), 
> I think so. 
> But now I am just learning and trying. I have a question and I haven’t figure 
> it out is
> where the username/group mapping information come from? 
> As far as I know there is no username and group name for Hadoop and username 
> and group name come from the client wherever from local client machine or 
> Kerberos realm. But it is a little bit vague for me and can I get the 
> implementation details here? 
> Is this information from the machine where HDFS client is located or from the 
> linux shell username and group on name node?  Or it depends on the context - 
> even related to data node? What if the data nodes and name nodes have 
> different users or user-group mapping in the local boxes. 
> Regards,
> Dong

Reply via email to