hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-707) Add user info in the YARN ClientToken
Date Fri, 23 Aug 2013 21:23:52 GMT

    [ https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748999#comment-13748999
] 

Daryn Sharp commented on YARN-707:
----------------------------------

It almost seems like it would be better to invert the approach to be more consistent with
other tokens - the owner of the token is the user (not the app attempt) and there's a new
field for the app attempt (instead of a new field for the user).

Another thought would be leverage the existing real/effective user in the token.  One is the
submitter, the other is the app attempt.  Logging that includes the UGI will show "appAttempt
(auth:...) via daryn (auth:...)", or vice-versa for the users.

Thoughts?
                
> Add user info in the YARN ClientToken
> -------------------------------------
>
>                 Key: YARN-707
>                 URL: https://issues.apache.org/jira/browse/YARN-707
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Bikas Saha
>            Assignee: Vinod Kumar Vavilapalli
>         Attachments: YARN-707-20130822.txt
>
>
> If user info is present in the client token then it can be used to do limited authz in
the AM.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message