hadoop2.2.0 core-site.xml--security properties

<!--- security properties -->

<property>  <name>hadoop.security.authorization</name>  <value>false</value>  <description>Is service-level authorization enabled?</description></property>

注释：

<property>  <name>hadoop.security.authentication</name>  <value>simple</value>  <description>Possible values are simple (no authentication), and kerberos  </description></property>

注释：

<property>  <name>hadoop.security.group.mapping</name>  <value>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</value>  <description>    Class for user to group mapping (get groups for a given user) for ACL  </description></property>

注释：

<property>  <name>hadoop.security.groups.cache.secs</name>  <value>300</value>  <description>    This is the config controlling the validity of the entries in the cache    containing the user->group mapping. When this duration has expired,    then the implementation of the group mapping provider is invoked to get    the groups of the user and then cached back.  </description></property>

注释：

 

<property>  <name>hadoop.security.service.user.name.key</name>  <value></value>  <description>    For those cases where the same RPC protocol is implemented by multiple    servers, this configuration is required for specifying the principal    name to use for the service when the client wishes to make an RPC call.  </description></property>

注释：

<property>  <name>hadoop.rpc.protection</name>  <value>authentication</value>  <description>This field sets the quality of protection for secured sasl       connections. Possible values are authentication, integrity and privacy.      authentication means authentication only and no integrity or privacy;       integrity implies authentication and integrity are enabled; and privacy       implies all of authentication, integrity and privacy are enabled.  </description></property>

注释：

<property>  <name>hadoop.work.around.non.threadsafe.getpwuid</name>  <value>false</value>  <description>Some operating systems or authentication modules are known to  have broken implementations of getpwuid_r and getpwgid_r, such that these  calls are not thread-safe. Symptoms of this problem include JVM crashes  with a stack trace inside these functions. If your system exhibits this  issue, enable this configuration parameter to include a lock around the  calls as a workaround.  An incomplete list of some systems known to have this issue is available  at http://wiki.apache.org/hadoop/KnownBrokenPwuidImplementations  </description></property>

注释：

<property>  <name>hadoop.kerberos.kinit.command</name>  <value>kinit</value>  <description>Used to periodically renew Kerberos credentials when provided  to Hadoop. The default setting assumes that kinit is in the PATH of users  running the Hadoop client. Change this to the absolute path to kinit if this  is not the case.  </description></property>

注释：