Hadoop supports two different modes of operation for determining the identity of a user, simple and Kerberos.
Simple
In simple mode, the identity of a client process is determined by the host operating system. On Unix-like systems, the user name is the equivalent of
whoami.
Kerberos
In a Hadoop environment with Kerberos, the identity of a client process is determined by its Kerberos credentials. For example, you can use the
kinit utility to obtain a Kerberos ticket-granting-ticket (TGT) and use
klist to determine your current principal. When mapping a Kerberos principal to an HDFS username, using the
auth_to_local Hadoop property, all components except for the primary are dropped. For example, a principal
todd/foobar@CORP.COMPANY.COM acts as the simple username
"todd" on HDFS.
ECS HDFS integrates with Hadoop clusters configured to use either simple or Kerberos authentication modes.
When the Hadoop cluster uses Kerberos, you can configure ECS to grant access to users with Kerberos principals in the form
user@REALM.COM. Alternatively, where ECS uses AD to authenticate users, you can configure a one-way trust between the Kerberos environment and AD so that users can authenticate using their AD credentials, in the form
user@DOMAIN.COM.
The permissions of newly created files and directories are restricted by the umask (fs.permissions.umask-mode). The recommended umask is 022.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\