Return-Path: X-Original-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org Delivered-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1E58E18B59 for ; Mon, 18 Apr 2016 14:19:57 +0000 (UTC) Received: (qmail 65467 invoked by uid 500); 18 Apr 2016 14:19:53 -0000 Delivered-To: apmail-hadoop-mapreduce-user-archive@hadoop.apache.org Received: (qmail 65367 invoked by uid 500); 18 Apr 2016 14:19:53 -0000 Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list user@hadoop.apache.org Received: (qmail 65356 invoked by uid 99); 18 Apr 2016 14:19:52 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Apr 2016 14:19:52 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 395CBC0DEA for ; Mon, 18 Apr 2016 14:19:52 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.429 X-Spam-Level: * X-Spam-Status: No, score=1.429 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id Yp027s5AB3SV for ; Mon, 18 Apr 2016 14:19:50 +0000 (UTC) Received: from mail-oi0-f45.google.com (mail-oi0-f45.google.com [209.85.218.45]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 2FFE55F23C for ; Mon, 18 Apr 2016 14:19:50 +0000 (UTC) Received: by mail-oi0-f45.google.com with SMTP id r78so50041171oie.0 for ; Mon, 18 Apr 2016 07:19:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=ZOxnYxAqmlLP+29XrmXYe0sslE7stkjJ2DPPF6zMTig=; b=w4FbFd7C+yPykYbU6XqWYGPU6U72pSXBq8+CGrzkCz6W9Y5ZBiq4Z43xzvB6jsE+uC 88MwDRHRBB36udNfKXX23c2lojt8SURjG6jC0S4Qvgj+cJLKM7NMd0y+JES7UEuSlIvH zwZJSWPp/s5vJ2PCve7XSRrT3woDJzi2ps2i7BnMJFLZWTwl7C2jCdwPIRe7zIEA4G7d PUfyL3SrQF/2HzeVviMipcn7H13uKNSpOLEtiJbbA6S6m08VuNz69s7YHucxSF9IBDhf VhSBimyKGj+VwauWmFZ9Lmir51Ba7nBTGhcjrGgbmZS1iSRyw7ZAcAIIixMPoiFLxgGg TI9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ZOxnYxAqmlLP+29XrmXYe0sslE7stkjJ2DPPF6zMTig=; b=izsRodN4hnVO5liQYmJc5oHdrLoKGA/sorJph2K6cUA/bbgfWthkc0RVmNjaCWQnBA S1glVkpW3nL1VZFh/8y/+i3NrUgRSOFNp16Vw6iPlulLChvUCzfwnUIZSd5hqAI6L6Yi R5ytRPm55vpyod/dtItoBdtenNwP49emNkg+oup7aqLeasqqXP+eqmSUgsNCFU4U/UoR TopDilN6PNoLRbgBXEMqyboT1DFvvb15X8oxM+e5cEj4FOIPNZM6XP+t5hiBYAYqhDwI O9PAeQ+STdC9eoYeJDFULEEJPVevHNUj4y1sQPrVdtga1cOlX+qgoVRhORmWQ4fYy+CU aeaw== X-Gm-Message-State: AOPr4FWGKFJTeiCjzZOHYK3UXfhopc4U0lsaCyU3QXddjE0wjMomdTrJiT7oaYAcO/pKi/es+4HM3RqN2MHGuQ== X-Received: by 10.202.2.79 with SMTP id 76mr15682211oic.108.1460989183131; Mon, 18 Apr 2016 07:19:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.251.130 with HTTP; Mon, 18 Apr 2016 07:19:23 -0700 (PDT) From: "K. N. Ramachandran" Date: Mon, 18 Apr 2016 10:19:23 -0400 Message-ID: Subject: YARN and Kerberos: Client <-> ApplicationMaster RPC To: user@hadoop.apache.org Content-Type: multipart/alternative; boundary=001a1137bac84807eb0530c30dc2 --001a1137bac84807eb0530c30dc2 Content-Type: text/plain; charset=UTF-8 Hello all, We have a legacy YARN Application code and we were looking at the changes needed to allow this to run on a Kerberos cluster. The AM (ApplnMaster) builds an RPC Server and the Client connects to this to get status updates and program output. 1) Is there an example for this kind of RPC Setup on a Kerberos cluster? We followed the outline in the TestSaslRPC test (testKerberosRpc function), but we were wondering if there is a better way? 2) The main issue now is that our changes depend on the user having a keytab. Following the TestSaslRPC outline, we do a SecurityUtil.login(conf, (user keytab), (user principal)) when we build the RPC Server (AM side) and the Client code is able to connect to it. But ideally the user would have logged in with only a password and that should be enough. How do we login and build the RPC Server on the AM side without asking for a password? Regards, Ramachandran K.N. Ph: 814-441-4279 --001a1137bac84807eb0530c30dc2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello all,

We have a legacy YARN Applic= ation code and we were looking at the changes needed to allow this to run o= n a Kerberos cluster. The AM (ApplnMaster) builds an RPC Server and the Cli= ent connects to this to get status updates and program output.
1) Is there an example for this kind of RPC Setup on a Kerbero= s cluster? We followed the outline in the TestSaslRPC test (testKerberosRpc= function), but we were wondering if there is a better way?

<= /div>
2) The main issue now is that our changes depend on the user havi= ng a keytab. Following the TestSaslRPC outline, we do a SecurityUtil.login(conf, (user keytab), (user principal))<= /font> when we build the RPC Server (AM side) and the Client code is able t= o connect to it.

But ideally the user would have l= ogged in with only a password and that should be enough. How do we login an= d build the RPC Server on the AM side without asking for a password?
<= div>

Regards,
Ramachandran K.N.
Ph: 814-441-4279
--001a1137bac84807eb0530c30dc2--