hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1959) Should use long name for token renewer on the client side
Date Mon, 28 Feb 2011 02:54:36 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13000088#comment-13000088
] 

Hadoop QA commented on MAPREDUCE-1959:
--------------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12453548/m1959-05.patch
  against trunk revision 1074251.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 3 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs (version 1.3.9) warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit
warnings.

    +1 core tests.  The patch passed core unit tests.

    -1 contrib tests.  The patch failed contrib unit tests.

    +1 system test framework.  The patch passed system test framework compile.

Test results: https://hudson.apache.org/hudson/job/PreCommit-MAPREDUCE-Build/74//testReport/
Findbugs warnings: https://hudson.apache.org/hudson/job/PreCommit-MAPREDUCE-Build/74//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output: https://hudson.apache.org/hudson/job/PreCommit-MAPREDUCE-Build/74//console

This message is automatically generated.

> Should use long name for token renewer on the client side
> ---------------------------------------------------------
>
>                 Key: MAPREDUCE-1959
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1959
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: job submission, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: m1959-01.patch, m1959-02.patch, m1959-05.patch
>
>
> When getting a delegation token from a NN, a client needs to specify the renewer for
the token. For use on a MapRed cluster, JT should be specified as the renewer. However, in
the current code, the client maps JT's long name (Kerberos principal name) to cluster-internal
short name and then sets the short name as the renewer. This is undesirable for 2 reasons.
1) It's unnecessary since NN (or JT) converts client-supplied renewer from long to short name
anyway. 2) In principle, the mapping from long to short name should be done on the server.
This is consistent with the authentication case, where the client uses the same long name
to authenticate to multiple servers and servers map client's long name to their own internal
short names. It facilitates using the same job client to get delegation tokens from multiple
NN's, which may have different mapping rules for JT.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message