Return-Path: X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CF85910492 for ; Tue, 14 Jan 2014 16:56:53 +0000 (UTC) Received: (qmail 58231 invoked by uid 500); 14 Jan 2014 16:56:52 -0000 Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org Received: (qmail 58185 invoked by uid 500); 14 Jan 2014 16:56:52 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: yarn-issues@hadoop.apache.org Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 58175 invoked by uid 99); 14 Jan 2014 16:56:52 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Jan 2014 16:56:52 +0000 Date: Tue, 14 Jan 2014 16:56:52 +0000 (UTC) From: "Jason Lowe (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (YARN-1600) RM does not startup when security is enabled without spnego configured MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/YARN-1600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870898#comment-13870898 ] Jason Lowe commented on YARN-1600: ---------------------------------- A number of ways to address this, and I'm sure there are others: * have the RM avoid setting spnego confs on the WebApps setup if the confs have no values set * have WebApps avoid setting up username and keytab confs for HttpServer if those confs have no values set (similar to early patches on YARN-1463) * if we're worried we need to make sure users are aware that they configured security but not spnego and want to make that break by default as it does today then we need a separate config to indicate the user really wants to run with security but not spnego on the RM web pages > RM does not startup when security is enabled without spnego configured > ---------------------------------------------------------------------- > > Key: YARN-1600 > URL: https://issues.apache.org/jira/browse/YARN-1600 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager > Affects Versions: 2.4.0 > Reporter: Jason Lowe > Priority: Blocker > > We have a custom auth filter in front of our various UI pages that handles user authentication. However currently the RM assumes that if security is enabled then the user must have configured spnego as well for the RM web pages which is not true in our case. -- This message was sent by Atlassian JIRA (v6.1.5#6160)