hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-707) Add user info in the YARN ClientToken
Date Fri, 23 Aug 2013 21:23:52 GMT

    [ https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748999#comment-13748999

Daryn Sharp commented on YARN-707:

It almost seems like it would be better to invert the approach to be more consistent with
other tokens - the owner of the token is the user (not the app attempt) and there's a new
field for the app attempt (instead of a new field for the user).

Another thought would be leverage the existing real/effective user in the token.  One is the
submitter, the other is the app attempt.  Logging that includes the UGI will show "appAttempt
(auth:...) via daryn (auth:...)", or vice-versa for the users.

> Add user info in the YARN ClientToken
> -------------------------------------
>                 Key: YARN-707
>                 URL: https://issues.apache.org/jira/browse/YARN-707
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Bikas Saha
>            Assignee: Vinod Kumar Vavilapalli
>         Attachments: YARN-707-20130822.txt
> If user info is present in the client token then it can be used to do limited authz in
the AM.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message