2. Configure HDP

You must complete the following tasks to configure HDP for Kerberos:

Create Mappings Between Principals and UNIX Usernames

Hadoop uses group memberships of users at various places to determine group ownership for files or for access control.

Note

	Note
A user is mapped to the group using an implementation of the `GroupMappingServiceProvider` interface. The implementation is pluggable and is configured in `core-site.xml`. By default Hadoop uses `ShellBasedUnixGroupsMapping`, which is an implementation of `GroupMappingServiceProvider`. It fetches the group membership for a username by executing a UNIX shell command. In secure clusters, because the usernames are actually Kerberos principals, `ShellBasedUnixGroupsMapping` will work only if the Kerberos principals map to valid UNIX usernames.

A user is mapped to the group using an implementation of the GroupMappingServiceProvider interface. The implementation is pluggable and is configured in core-site.xml.

By default Hadoop uses ShellBasedUnixGroupsMapping, which is an implementation of GroupMappingServiceProvider. It fetches the group membership for a username by executing a UNIX shell command. In secure clusters, because the usernames are actually Kerberos principals, ShellBasedUnixGroupsMapping will work only if the Kerberos principals map to valid UNIX usernames.

Hadoop provides a feature that lets administrators specify mapping rules to map a Kerberos principal to a local UNIX username .

Add Security Information to Configuration Files

Legal notices