hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varun Vasudev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2397) RM web interface sometimes returns request is a replay error in secure mode
Date Thu, 14 Aug 2014 17:24:13 GMT

    [ https://issues.apache.org/jira/browse/YARN-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14097244#comment-14097244

Varun Vasudev commented on YARN-2397:

Thanks for the feedback [~zjshen]. My thinking is that in secure mode, we should replace the
AuthenticationFilterInitializer with the RMAuthenticationInitializer to add support for authentication
using delegation tokens. In non-secure mode, the RMAuthenticationFilterInitializer and the
AuthenticationFilterInitializer are the the same so there's no need for any replacement.

However, in non-secure mode, we should have a default filter in case none is specified(so
that users can use the rm web services), hence the code block for non-secure mode.

> RM web interface sometimes returns request is a replay error in secure mode
> ---------------------------------------------------------------------------
>                 Key: YARN-2397
>                 URL: https://issues.apache.org/jira/browse/YARN-2397
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>            Priority: Critical
>         Attachments: apache-yarn-2397.0.patch, apache-yarn-2397.1.patch
> The RM web interface sometimes returns a request is a replay error if the default kerberos
http filter is enabled. This is because it uses the new RMAuthenticationFilter in addition
to the AuthenticationFilter. There is a workaround to set "yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled"
to false. This bug is to fix the code to use only the RMAuthenticationFilter and not both.

This message was sent by Atlassian JIRA

View raw message