hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhijie Shen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-2228) TimelineServer should load pseudo authentication filter when authentication = simple
Date Thu, 03 Jul 2014 15:00:43 GMT

     [ https://issues.apache.org/jira/browse/YARN-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Zhijie Shen updated YARN-2228:
------------------------------

    Attachment: YARN-2228.2.patch

bq. Can you split up the individual tests so that the conditions are easier to understand?
Something like

Nice refactoring suggestion. Thanks!

bq. Maybe we should just use the hadoop.http.authentication.* instead of a new subset?

I used to choose have timeline prefix configuration names to prevent affecting other components.
Before we making http authentication for RM and timeline, web HDFS is the only component that
is using the feature to support Oozie. Now if we keep using these configures in core-site.xml,
all the three daemons are going to have same settings (unless we prepare different core-site.xml),
while I think it should be good to allow flexible configurations for each individual daemons.

> TimelineServer should load pseudo authentication filter when authentication = simple
> ------------------------------------------------------------------------------------
>
>                 Key: YARN-2228
>                 URL: https://issues.apache.org/jira/browse/YARN-2228
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2228.1.patch, YARN-2228.2.patch
>
>
> When kerberos authentication is not enabled, we should let the timeline server to work
with pseudo authentication filter. In this way, the sever is able to detect the request user
by checking "user.name".
> On the other hand, timeline client should append "user.name" in un-secure case as well,
such that ACLs can keep working in this case. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message