hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "K. N. Ramachandran" <knra...@gmail.com>
Subject YARN and Kerberos: Client <-> ApplicationMaster RPC
Date Mon, 18 Apr 2016 14:19:23 GMT
Hello all,

We have a legacy YARN Application code and we were looking at the changes
needed to allow this to run on a Kerberos cluster. The AM (ApplnMaster)
builds an RPC Server and the Client connects to this to get status updates
and program output.

1) Is there an example for this kind of RPC Setup on a Kerberos cluster? We
followed the outline in the TestSaslRPC test (testKerberosRpc function),
but we were wondering if there is a better way?

2) The main issue now is that our changes depend on the user having a
keytab. Following the TestSaslRPC outline, we do a SecurityUtil.login(conf,
(user keytab), (user principal)) when we build the RPC Server (AM side) and
the Client code is able to connect to it.

But ideally the user would have logged in with only a password and that
should be enough. How do we login and build the RPC Server on the AM side
without asking for a password?

Ramachandran K.N.
Ph: 814-441-4279

View raw message