hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sevada Abraamyan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-2911) Issues with GetApplications request in secure cluster
Date Sat, 29 Nov 2014 01:30:12 GMT
Sevada Abraamyan created YARN-2911:
--------------------------------------

             Summary: Issues with GetApplications request in secure cluster
                 Key: YARN-2911
                 URL: https://issues.apache.org/jira/browse/YARN-2911
             Project: Hadoop YARN
          Issue Type: Bug
          Components: resourcemanager
            Reporter: Sevada Abraamyan
            Assignee: Sevada Abraamyan


Both problems arise from the fact that the RM stores the short username of the app submitter.


1) When the {{GetApplicationsRequest}} contains a {{ApplicationsRequestScope.OWN}} filter,
i.e. it wants to filter out all apps not owned by the user. The RM attempts to match the full
username of the GetApplications requester against the stored short username to determine if
the requester is the owner of the app. In a secure cluster this can fail as the two are not
always equivalent. 

2) The {{GetApplicationsRequest}} can be used to filter the the set of app returned to be
only those which were submitted/owned by a set of users. Once again there is a mismatch here
between short/full usernames. Since the client specifies the set of users, theoretically they
can pass in a set of short usernames which would makes this feature work in a secure cluster.
However, it is not expected that a client will have the correct {{hadoop.security.auth_to_local}}
configuration and therefore they can not always be expected to get the correct short usernames.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message