Return-Path: 
 <yarn-issues-return-14049-apmail-hadoop-yarn-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 746DC100D7
	for <apmail-hadoop-yarn-issues-archive@minotaur.apache.org>;
 Wed,  4 Sep 2013 16:04:54 +0000 (UTC)
Received: (qmail 20180 invoked by uid 500); 4 Sep 2013 16:04:53 -0000
Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org
Received: (qmail 20128 invoked by uid 500); 4 Sep 2013 16:04:53 -0000
Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-issues@hadoop.apache.org>
List-Id: <yarn-issues.hadoop.apache.org>
Reply-To: yarn-issues@hadoop.apache.org
Delivered-To: mailing list yarn-issues@hadoop.apache.org
Received: (qmail 20107 invoked by uid 99); 4 Sep 2013 16:04:52 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Sep 2013 16:04:52 +0000
Date: Wed, 4 Sep 2013 16:04:52 +0000 (UTC)
From: "Daryn Sharp (JIRA)" <jira@apache.org>
To: yarn-issues@hadoop.apache.org
Message-ID: <JIRA.12648539.1369098813071.78261.1378310692767@arcas>
In-Reply-To: <JIRA.12648539.1369098813071@arcas>
References: <JIRA.12648539.1369098813071@arcas>
Subject: [jira] [Commented] (YARN-707) Add user info in the YARN ClientToken
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13757904#comment-13757904 ] 

Daryn Sharp commented on YARN-707:
----------------------------------

Ug, the RM and AM are abusing the same secret manager impl.  The RM wants the secret key to be generated, whereas the AM really wants to verify it.  2.x fixed this.
                
> Add user info in the YARN ClientToken
> -------------------------------------
>
>                 Key: YARN-707
>                 URL: https://issues.apache.org/jira/browse/YARN-707
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Bikas Saha
>            Assignee: Jason Lowe
>            Priority: Blocker
>             Fix For: 3.0.0, 2.1.1-beta
>
>         Attachments: YARN-707-20130822.txt, YARN-707-20130827.txt, YARN-707-20130828-2.txt, YARN-707-20130828.txt, YARN-707-20130829.txt, YARN-707-20130830.branch-0.23.txt
>
>
> If user info is present in the client token then it can be used to do limited authz in the AM.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira