> On April 26, 2016, 7:33 p.m., Yi Pan (Data Infrastructure) wrote:
> > docs/learn/documentation/versioned/yarn/yarn-security.md, line 28
> > <https://reviews.apache.org/r/46282/diff/2/?file=1347140#file1347140line28>
> >
> >     nit: remove *config*, we can directly refer to the coordinator stream
> 
> Yi Pan (Data Infrastructure) wrote:
>     One more: it would be good to elaborate on the reason not to put the keytab 
> file in the coordinator stream as well. I assume that the reason is that the 
> secured HDFS file system is protected via Kerberos, while the coordinator stream 
> is not??

For both the keytab and refreshed credentials, HDFS is the only place that is 
secured via Kerberos for now.

Regarding the keytab file, the Hadoop login API can only deal with a keytab file. 
If it is stored in a coordinator stream, the Application Master will want to 
localize the byte stream into a local file and will have to deal with this at 
the application level. So it adds a bit of complexity.

Regarding refreshed credentials, they can potentially be exchanged on the 
coordinator stream, as Hadoop supports APIs to read credentials both from HDFS 
and from a generic stream. Once we have the coordinator stream secured, we can 
revisit this.


- Chen


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46282/#review130660
-----------------------------------------------------------


On April 15, 2016, 10:09 p.m., Chen Song wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46282/
> -----------------------------------------------------------
> 
> (Updated April 15, 2016, 10:09 p.m.)
> 
> 
> Review request for samza.
> 
> 
> Repository: samza
> 
> 
> Description
> -------
> 
> SAMZA-928 document Kerberos on YARN
> 
> 
> Diffs
> -----
> 
>   docs/learn/documentation/versioned/jobs/yarn-jobs.md 827cc14 
>   docs/learn/documentation/versioned/yarn/isolation.md 1eb3bf5 
>   docs/learn/documentation/versioned/yarn/yarn-security.md PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/46282/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Chen Song
> 
>
