hadoop-yarn-issues mailing list archives

From "Jian He (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-3855) If acl is enabled and http.authentication.type is simple, user cannot view the app page in default setup
Date Fri, 26 Jun 2015 03:23:04 GMT

    [ https://issues.apache.org/jira/browse/YARN-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14602341#comment-14602341 ]

Jian He commented on YARN-3855:
-------------------------------

I believe what you suggested is generally good practice for setting up a secure cluster. Btw, the
patch did not enable/enforce any of this. People can configure whatever they want for the http
authentication regardless of how the rest of the components are set up before this jira. The point of
this jira is to prevent the scenario where a user cannot view the applications in whatever way
unless the daemon is restarted.

> If acl is enabled and http.authentication.type is simple, user cannot view the app page in default setup
> --------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-3855
>                 URL: https://issues.apache.org/jira/browse/YARN-3855
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Jian He
>            Assignee: Jian He
>         Attachments: YARN-3855.1.patch
>
>
> If all ACLs (admin acl, queue-admin-acls etc.) are set up properly and "http.authentication.type"
> is 'simple' in secure mode, the user cannot view the application web page in the default setup because
> the incoming user is always considered as "dr.who". The user also cannot pass "user.name" to
> indicate the incoming user name, because AuthenticationFilterInitializer is not enabled by
> default. This is inconvenient from the user's perspective.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
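
A configuration check for the condition described in the issue, as an added example that is not part of the original message or of YARN-3855.1.patch. It assumes the full property names `hadoop.http.authentication.type`, `hadoop.http.filter.initializers`, `hadoop.http.staticuser.user` and `yarn.acl.enable` with their stock defaults; the function names and both sample site files are constructed for illustration, and the secure-mode setting is not examined.

```python
import xml.etree.ElementTree as ET

# Assumed stock defaults (core-default.xml / yarn-default.xml); verify for your release.
DEFAULTS = {
    "yarn.acl.enable": "false",
    "hadoop.http.authentication.type": "simple",
    "hadoop.http.filter.initializers": "org.apache.hadoop.http.lib.StaticUserWebFilter",
    "hadoop.http.staticuser.user": "dr.who",
}
AUTH_INIT = "org.apache.hadoop.security.AuthenticationFilterInitializer"

def load_props(*xml_docs):
    """Overlay <property> entries from Hadoop-style XML documents on the defaults."""
    props = dict(DEFAULTS)
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = (prop.findtext("value") or "").strip()
    return props

def web_identity_finding(props):
    """Return a finding string when the condition from the issue holds, else None."""
    acl_on = props["yarn.acl.enable"].lower() == "true"
    simple = props["hadoop.http.authentication.type"].lower() == "simple"
    initializers = [c.strip() for c in props["hadoop.http.filter.initializers"].split(",")]
    if acl_on and simple and AUTH_INIT not in initializers:
        return ("ACLs are enforced but every web request is treated as %r; "
                "user.name is not read because %s is not configured"
                % (props["hadoop.http.staticuser.user"], AUTH_INIT))
    return None

# Constructed sample: ACLs switched on, HTTP settings left at their defaults.
DEFAULT_SETUP = """<configuration>
  <property><name>yarn.acl.enable</name><value>true</value></property>
</configuration>"""

# Constructed sample: the same cluster with the authentication filter initializer listed.
WITH_FILTER = """<configuration>
  <property><name>hadoop.http.filter.initializers</name>
    <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value></property>
</configuration>"""

if __name__ == "__main__":
    print(web_identity_finding(load_props(DEFAULT_SETUP)))
    print(web_identity_finding(load_props(DEFAULT_SETUP, WITH_FILTER)))
```

With `simple` authentication the filter takes the caller's identity from the `user.name` query parameter as given, so the second configuration restores access to the application pages without verifying who the caller is.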
