hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1841) YARN ignores/overrides explicit security settings
Date Mon, 17 Mar 2014 15:41:43 GMT

    [ https://issues.apache.org/jira/browse/YARN-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13937933#comment-13937933
] 

Daryn Sharp commented on YARN-1841:
-----------------------------------

The reason the custom AM in the related user@hadoop thread is failing is likely because it's
coded incorrectly.  I suspect the RM supplied tokens were not added to the AM's ugi.

In general, tokens are just a lightweight alternate authentication method that removes the
need for hard authentication, ex. kerberos, which a task cannot do.  Tokens within yarn are
used to encode app/task identity and other information.  Note that the identity is not the
job's user identity so tokens cannot be disabled.

This jira should be marked invalid if Vinod agrees.

> YARN ignores/overrides explicit security settings
> -------------------------------------------------
>
>                 Key: YARN-1841
>                 URL: https://issues.apache.org/jira/browse/YARN-1841
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.3.0
>            Reporter: Oleg Zhurakousky
>
> core-site.xml explicitly sets authentication as SIMPLE
> {code}
>  <property>
>     <name>hadoop.security.authentication</name>
>     <value>simple</value>
>     <description>Simple authentication</description>
>   </property>
> {code}
> However any attempt to register ApplicationMaster on the remote YARN cluster results
in 
> {code}
> org.apache.hadoop.security.AccessControlException: SIMPLE authentication is not enabled.
 Available:[TOKEN]
> . . .
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message