hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Zhurakousky (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1841) YARN ignores/overrides explicit security settings
Date Mon, 17 Mar 2014 22:20:51 GMT

    [ https://issues.apache.org/jira/browse/YARN-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13938479#comment-13938479
] 

Oleg Zhurakousky commented on YARN-1841:
----------------------------------------

Daryn

Unfortunately I still disagree and here is why. The API in question is a very public API which
one uses during the implementation of AM. The fact that it behaves differently once invoked
from the AM vs. just a simple API call to a remote cluster is what I am questioning. Nothing
stops me from doing the later. Not a comment, doc, javadoc, warning message or anything else.
In fact the error message I see is completely misleading and took me on the wrong path of
figuring out the cause which resulted in this JIRA (which is different from YARN-944). The
current API is not designed in a way to help someone like myself not to make such a mistake.
So, from that perspective its still a problem and while I won't be fighting over it by re-opening
the issue, I would suggest to rethink. Let's just say that I know a thing or two about the
API design but I also play for the same team (HWX) and while I am freely expressing my concerns
with good intentions, someone else may not have as much patience and fall back to YARN alternatives
(quite a few, depending on how you look). Anyway, I'll leave it up to you.

Cheers
Oleg

> YARN ignores/overrides explicit security settings
> -------------------------------------------------
>
>                 Key: YARN-1841
>                 URL: https://issues.apache.org/jira/browse/YARN-1841
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.3.0
>            Reporter: Oleg Zhurakousky
>
> core-site.xml explicitly sets authentication as SIMPLE
> {code}
>  <property>
>     <name>hadoop.security.authentication</name>
>     <value>simple</value>
>     <description>Simple authentication</description>
>   </property>
> {code}
> However any attempt to register ApplicationMaster on the remote YARN cluster results
in 
> {code}
> org.apache.hadoop.security.AccessControlException: SIMPLE authentication is not enabled.
 Available:[TOKEN]
> . . .
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message