Return-Path: X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 310CE118C7 for ; Thu, 3 Jul 2014 15:00:44 +0000 (UTC) Received: (qmail 22747 invoked by uid 500); 3 Jul 2014 15:00:44 -0000 Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org Received: (qmail 22704 invoked by uid 500); 3 Jul 2014 15:00:44 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: yarn-issues@hadoop.apache.org Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 22685 invoked by uid 99); 3 Jul 2014 15:00:44 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Jul 2014 15:00:44 +0000 Date: Thu, 3 Jul 2014 15:00:43 +0000 (UTC) From: "Zhijie Shen (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (YARN-2228) TimelineServer should load pseudo authentication filter when authentication = simple MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/YARN-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhijie Shen updated YARN-2228: ------------------------------ Attachment: YARN-2228.2.patch bq. Can you split up the individual tests so that the conditions are easier to understand? Something like Nice refactoring suggestion. Thanks! bq. Maybe we should just use the hadoop.http.authentication.* instead of a new subset? I used to choose have timeline prefix configuration names to prevent affecting other components. Before we making http authentication for RM and timeline, web HDFS is the only component that is using the feature to support Oozie. Now if we keep using these configures in core-site.xml, all the three daemons are going to have same settings (unless we prepare different core-site.xml), while I think it should be good to allow flexible configurations for each individual daemons. > TimelineServer should load pseudo authentication filter when authentication = simple > ------------------------------------------------------------------------------------ > > Key: YARN-2228 > URL: https://issues.apache.org/jira/browse/YARN-2228 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Attachments: YARN-2228.1.patch, YARN-2228.2.patch > > > When kerberos authentication is not enabled, we should let the timeline server to work with pseudo authentication filter. In this way, the sever is able to detect the request user by checking "user.name". > On the other hand, timeline client should append "user.name" in un-secure case as well, such that ACLs can keep working in this case. -- This message was sent by Atlassian JIRA (v6.2#6252)