hadoop2.2.0 core-site.xml--security properties

<!--- security properties -->

<property>
  <name>hadoop.security.authorization</name>
  <value>false</value>
  <description>Is service-level authorization enabled?</description>
</property>

注释:

<property>
  <name>hadoop.security.authentication</name>
  <value>simple</value>
  <description>Possible values are simple (no authentication), and kerberos
  </description>
</property>

注释:

<property>
  <name>hadoop.security.group.mapping</name>
  <value>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</value>
  <description>
    Class for user to group mapping (get groups for a given user) for ACL
  </description>
</property>


注释:

<property>
  <name>hadoop.security.groups.cache.secs</name>
  <value>300</value>
  <description>
    This is the config controlling the validity of the entries in the cache
    containing the user->group mapping. When this duration has expired,
    then the implementation of the group mapping provider is invoked to get
    the groups of the user and then cached back.
  </description>
</property>

注释:

 

<property>
  <name>hadoop.security.service.user.name.key</name>
  <value></value>
  <description>
    For those cases where the same RPC protocol is implemented by multiple
    servers, this configuration is required for specifying the principal
    name to use for the service when the client wishes to make an RPC call.
  </description>
</property>

注释:

<property>
  <name>hadoop.rpc.protection</name>
  <value>authentication</value>
  <description>This field sets the quality of protection for secured sasl 
      connections. Possible values are authentication, integrity and privacy.
      authentication means authentication only and no integrity or privacy; 
      integrity implies authentication and integrity are enabled; and privacy 
      implies all of authentication, integrity and privacy are enabled.
  </description>
</property>

注释:

<property>
  <name>hadoop.work.around.non.threadsafe.getpwuid</name>
  <value>false</value>
  <description>Some operating systems or authentication modules are known to
  have broken implementations of getpwuid_r and getpwgid_r, such that these
  calls are not thread-safe. Symptoms of this problem include JVM crashes
  with a stack trace inside these functions. If your system exhibits this
  issue, enable this configuration parameter to include a lock around the
  calls as a workaround.

  An incomplete list of some systems known to have this issue is available
  at http://wiki.apache.org/hadoop/KnownBrokenPwuidImplementations
  </description>
</property>

注释:

<property>
  <name>hadoop.kerberos.kinit.command</name>
  <value>kinit</value>
  <description>Used to periodically renew Kerberos credentials when provided
  to Hadoop. The default setting assumes that kinit is in the PATH of users
  running the Hadoop client. Change this to the absolute path to kinit if this
  is not the case.
  </description>
</property>

注释:

 

 

posted @ 2014-03-06 17:26  weian404  阅读(232)  评论(0编辑  收藏  举报