[ 
https://issues.apache.org/jira/browse/HADOOP-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12521176
 ] 

Tsz Wo (Nicholas), SZE commented on HADOOP-1701:
------------------------------------------------

Below are my responses to the comments.  Sorry for being late.

*For Dhruba's comments:*

(1) We will have a very flexible mechanism to obtain usernames.  It will support
    * getting the username from the OS
    * getting the username specified in conf
    * getting the username by an arbitrary rule

I will let you know the details later.

(2) Since UID is kind of system dependent, we will use username as parameter 
for intermediate communication.  We also generate some serial numbers in 
NameNode for efficient storage.  These serial numbers will be used in NameNode 
internally and are not visible outside NameNode.

*For Allen's comments:*

# We are going to get rid of the authentication server and user management in the 
first phase.  See also (2) below.
# We will assume that when users run Hadoop clients, they are logged in to a 
network system (e.g. Unix).  We use the user account and group information 
maintained by the network system.  Then, we do not need any user/group 
management in Hadoop.
# See (2) in the response for Dhruba's comments.
# In Hadoop 0.13, the files are stored in the home directories of each 
user.  Then, the default owner of all files under a home directory (/home/XXXX) 
will be the user (i.e. XXXX).  For the files not inside a home directory, it 
would be root.
# I agree.  See also (1) in the response for Dhruba's comments.
# I plan to let the administrator set up a regular expression in conf.
# Currently, it is not an issue since we don't have user management.  Our goal 
is to support at least 10k users/groups later on.

> Provide a simple authentication service and a user management service
> ---------------------------------------------------------------------
>
>                 Key: HADOOP-1701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1701
>             Project: Hadoop
>          Issue Type: New Feature
>            Reporter: Tsz Wo (Nicholas), SZE
>            Assignee: Tsz Wo (Nicholas), SZE
>         Attachments: 1701_20070815.patch, users.txt
>
>
> In HADOOP-1298, we want to add user information and permission to the file 
> system.  It requires an authentication service and a user management service. 
>  We should provide a framework and a simple implementation in this issue and 
> extend it later.  As discussed in HADOOP-1298, the framework should be 
> extensible and pluggable.
> - Extensible: possible to extend the framework to the other parts (e.g. 
> map-reduce) of Hadoop.
> - Pluggable: can easily switch security implementations.  Below is a diagram 
> borrowed from Java.
> !http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
> - Implement a Hadoop authentication center (HAC).  In the first step, the 
> mechanism of HAC is very simple: it keeps track of a list of usernames (we only 
> support users, will work on other principals later) in HAC and verifies the 
> username in user login (yeah, no password).  HAC can run inside NameNode or 
> run as a standalone server.   We will probably use Kerberos to provide a more 
> sophisticated authentication service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
