hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-896) Roll up for long lived YARN
Date Fri, 02 Aug 2013 13:37:49 GMT

    [ https://issues.apache.org/jira/browse/YARN-896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13727680#comment-13727680

Larry McCay commented on YARN-896:

While I am missing some of the important context of how tokens are issued for these long lived
containers, I can introduce another pattern for token use that may be of some interest. 

If when an application is submitted to the RM it included tokens that represent the application's
identity and have a sufficiently long expiration date then they could be exchanged for shorter
lived access tokens. Upon completion or being flagged as rogue the identity token can be revoked/invalidated
at which time the bearer could no longer acquire access tokens with it. This pattern eliminates
the finite lifespan issue that tokens such as the delegation token have and at the same time
reduces the amount of damage that can be done with an access token. This pattern is being
discussed as part of the Hadoop SSO efforts for user authentication which you can find at
HADOOP-9533 and HADOOP-9392. I have also filed a JIRA and have a preliminary patch posted
for a JsonWebToken for use in such a pattern: HADOOP-9781. It utilizes PKI based cryptography
for signing and verifying the token which is supported with a dependency on JIRA HADOOP-9534
for a credential management framework.
> Roll up for long lived YARN
> ---------------------------
>                 Key: YARN-896
>                 URL: https://issues.apache.org/jira/browse/YARN-896
>             Project: Hadoop YARN
>          Issue Type: New Feature
>            Reporter: Robert Joseph Evans
> YARN is intended to be general purpose, but it is missing some features to be able to
truly support long lived applications and long lived containers.
> This ticket is intended to
>  # discuss what is needed to support long lived processes
>  # track the resulting JIRA.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message