@bganesan@hortonworks.com @bdurai@hortonworks.com Balaji and Bosco, Do we need to worry about HADOOP_USER_NAME if we enable LDAP mapping for HDFS by following this blog? BLOG No kerberos in place. ... View more

Do you have LDAP enabled for HDFS? http://hortonworks.com/blog/hadoop-groupmapping-ldap-integration/ @Ali Bajwa ... View more

@Ali Bajwa Thanks for sharing this. Is it valid for AD logins? User A logs into the system with his AD credentials, HDFS or Hive ACL's kicks in for authorization. Is it possible for user A to export HADOOP_USER_NAME=hdfs and take over permissions? ... View more

@Andrew Grande Could you elaborate more on "fraction of components" ? User A logs into the system with his AD credentials, HDFS or Hive ACL's kicks in for authorization. I agree with you that Kerberos add more security because all the benefits/features it comes with. ... View more

@Ali Bajwa @rgarcia@hortonworks.com This is great discussions. Could you share an example of HADOOP_USER_NAME? ... View more

@Scott Shaw This looks great. Thanks for sharing it. ... View more

@hrongali@hortonworks.com This document will save you lot of headache. Link Page 12 is the most important. Please feel free to reach out to me anytime. Adding important information regarding service account link Use the Skip Group Modifications option to not modify the Linux groups in the cluster. Choosing this option is typically required if your environment manages groups using LDAP and not on the local Linux machines. ... View more

@Artem Ervits I have accepted Deepesh response as Best Answer. Please let me know your feedback ... View more