hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-707) Add user info in the YARN ClientToken
Date Wed, 04 Sep 2013 15:50:53 GMT

    [ https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13757890#comment-13757890
] 

Daryn Sharp commented on YARN-707:
----------------------------------

Still reviewing, but an initial observation is {{ClientToAMSecretManager#getMasterKey}} is
fabricating a new secret key if there is no pre-existing key for the appId.  This should be
an error condition.  The secret manager knows the secret key for the specific app so there's
no need to ever generate a secret key, right?  Else I can flood the AM with invalid appIds
to make it go OOM from generating secret keys for invalid appIds.
                
> Add user info in the YARN ClientToken
> -------------------------------------
>
>                 Key: YARN-707
>                 URL: https://issues.apache.org/jira/browse/YARN-707
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Bikas Saha
>            Assignee: Jason Lowe
>            Priority: Blocker
>             Fix For: 3.0.0, 2.1.1-beta
>
>         Attachments: YARN-707-20130822.txt, YARN-707-20130827.txt, YARN-707-20130828-2.txt,
YARN-707-20130828.txt, YARN-707-20130829.txt, YARN-707-20130830.branch-0.23.txt
>
>
> If user info is present in the client token then it can be used to do limited authz in
the AM.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message