hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhijie Shen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-2676) Timeline authentication filter should add support for proxy user
Date Wed, 15 Oct 2014 22:47:33 GMT

     [ https://issues.apache.org/jira/browse/YARN-2676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Zhijie Shen updated YARN-2676:
    Attachment: YARN-2676.1.patch

Upload a working in progress patch:

1. Server side: make TimelineAuthenticationFilter extend the common DelegationTokenAuthenticationFilter
and use the related common stuff.

2. Client side: make TimelineClientImpl use the DelegationTokenAuthenticatedURL and DelegationTokenAuthenticator,
which will fail back to pseduo/kerberos authenticator if DT is not there.

3. Client side: make TimelineClientImpl be friendly to proxy user. Will execute the http request
with real user with the proxy user set as the "doAs" user.

4. Cleanup the unnecessary code, which we used to duplicate for timeline security.

It is worth mentioning that new http authentication request and response is not going to be
compatible with the prior one. It's difficult to be compatible at http level, because both
header and body are almost different in format. However, at the point of view of timeline
client, the change should be transparent.

> Timeline authentication filter should add support for proxy user
> ----------------------------------------------------------------
>                 Key: YARN-2676
>                 URL: https://issues.apache.org/jira/browse/YARN-2676
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2676.1.patch

This message was sent by Atlassian JIRA

View raw message