Return-Path: 
 <yarn-issues-return-73033-apmail-hadoop-yarn-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 487C618A80
	for <apmail-hadoop-yarn-issues-archive@minotaur.apache.org>;
 Fri,  6 Nov 2015 16:52:28 +0000 (UTC)
Received: (qmail 13010 invoked by uid 500); 6 Nov 2015 16:52:28 -0000
Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org
Received: (qmail 12965 invoked by uid 500); 6 Nov 2015 16:52:28 -0000
Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-issues@hadoop.apache.org>
List-Id: <yarn-issues.hadoop.apache.org>
Reply-To: yarn-issues@hadoop.apache.org
Delivered-To: mailing list yarn-issues@hadoop.apache.org
Received: (qmail 12882 invoked by uid 99); 6 Nov 2015 16:52:28 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Nov 2015 16:52:28 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id C1D4F2C1F6D
	for <yarn-issues@hadoop.apache.org>; Fri,  6 Nov 2015 16:52:27 +0000 (UTC)
Date: Fri, 6 Nov 2015 16:52:27 +0000 (UTC)
From: "Jason Lowe (JIRA)" <jira@apache.org>
To: yarn-issues@hadoop.apache.org
Message-ID: <JIRA.12818690.1428352513000.175911.1446828747790@Atlassian.JIRA>
In-Reply-To: <JIRA.12818690.1428352513000@Atlassian.JIRA>
References: <JIRA.12818690.1428352513000@Atlassian.JIRA>
 <JIRA.12818690.1428352513786@arcas>
Subject: [jira] [Commented] (YARN-3452) Bogus token usernames cause many
 invalid group lookups
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/YARN-3452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14993941#comment-14993941 ] 

Jason Lowe commented on YARN-3452:
----------------------------------

Yeah, probably nothing good.  [~gss2002] pointed out HADOOP-12413 which I think will also remove the bogus lookups in practice when users aren't using the reverse ACL feature that was added in HADOOP-10650.  I'll pull that into 2.6 and 2.7, since I think most users won't be using that new feature.  We'll still need to stop using the bogus usernames for those that are using that reverse-ACL feature or if someone else tries to do something with the ugi assuming it actually was a valid user.

> Bogus token usernames cause many invalid group lookups
> ------------------------------------------------------
>
>                 Key: YARN-3452
>                 URL: https://issues.apache.org/jira/browse/YARN-3452
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: security
>            Reporter: Jason Lowe
>
> YARN uses a number of bogus usernames for tokens, like application attempt IDs for NM tokens or even the hardcoded "testing" for the container localizer token.  These tokens cause the RPC layer to do group lookups on these bogus usernames which will never succeed but can take a long time to perform.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)