hadoop-yarn-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-617) In unsecure mode, AM can fake resource requirements
Date Wed, 01 May 2013 13:34:17 GMT

    [ https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13646572#comment-13646572

Daryn Sharp commented on YARN-617:

bq. we are trying to change the auth to use AMTokens and authorization will continue to be
via ContainerTokens

I may have misinterpreted the other jira...  I thought the goal is to continue to auth container
launches with a container token, but change status and stop to authenticate with the AM token?
Are you saying the goal is to auth container launches with the AM token too?

{quote}bq. A RPC server also enables SASL DIGEST-MD5 if a secret manager is active.{quote}
bq. Off topic, but this is what I guessed is the reason underlying YARN-626, do you know when
this got merged into branch-2?

The SASL changes HADOOP-8783/HADOOP-8784 went in Oct 3-4 2012.  The change allowed servers
to accept tokens regardless of security setting if a secret manager is present, and for clients
to always use a token if present regardless of security setting.  This didn't change behavior
for a secure cluster, so YARN-626 can't be related because security is enabled and the AM is
lacking a token for the RM in its UGI.

> In unsecure mode, AM can fake resource requirements 
> ----------------------------------------------------
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Minor
> Without security, it is impossible to completely avoid AMs faking resources. We can at
> the least make it as difficult as possible by using the same container tokens and the RM-NM
> shared key mechanism over unauthenticated RM-NM channel.
> In the minimum, this will avoid accidental bugs in AMs in unsecure mode.
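
The mechanism named in the issue description, as an added sketch that is not Hadoop code and not part of the original message: the RM MACs the resources it granted with a key shared with the NM, and the NM refuses a launch whose resources differ from what was signed. The field names, JSON encoding, HMAC-SHA256 and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def _mac(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def rm_issue_token(master_key, container_id, nm_host, memory_mb, vcores, now, ttl_s=600):
    """RM side: MAC the granted resources with the RM-NM shared key."""
    ident = {"container_id": container_id, "nm_host": nm_host,
             "memory_mb": memory_mb, "vcores": vcores, "expires": now + ttl_s}
    payload = json.dumps(ident, sort_keys=True)
    return {"identifier": payload, "password": _mac(master_key, payload.encode())}

def nm_check_launch(master_key, nm_host, token, req_memory_mb, req_vcores, now):
    """NM side: trust only what the RM signed, never the AM's own claim."""
    expected = _mac(master_key, token["identifier"].encode())
    if not hmac.compare_digest(expected, token["password"]):
        return "reject: bad token MAC"
    ident = json.loads(token["identifier"])
    if ident["nm_host"] != nm_host:
        return "reject: token issued for another NM"
    if now > ident["expires"]:
        return "reject: token expired"
    if (req_memory_mb, req_vcores) != (ident["memory_mb"], ident["vcores"]):
        return "reject: resources differ from RM grant"
    return "accept"

def tamper_memory(token, memory_mb):
    """Constructed test case: identifier edited after issue, old MAC kept."""
    ident = json.loads(token["identifier"])
    ident["memory_mb"] = memory_mb
    return {"identifier": json.dumps(ident, sort_keys=True),
            "password": token["password"]}

if __name__ == "__main__":
    KEY = b"constructed-rm-nm-master-key"  # sample value, not a real key
    tok = rm_issue_token(KEY, "container_01", "nm1:8041", 1024, 1, now=1000)
    print(nm_check_launch(KEY, "nm1:8041", tok, 1024, 1, now=1100))
    print(nm_check_launch(KEY, "nm1:8041", tok, 8192, 1, now=1100))
    print(nm_check_launch(KEY, "nm1:8041", tamper_memory(tok, 8192), 8192, 1, now=1100))
```

The check holds only while the AM never learns the RM-NM key; it says nothing about who is presenting the token, which is the part that cannot be closed without security enabled.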
