[jira] [Comment Edited] (SLIDER-742) Slider AM secure configuration

Tue, 13 Jan 2015 23:26:00 -0800 

    [ 
https://issues.apache.org/jira/browse/SLIDER-742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14276593#comment-14276593
 ] 

Yang Hao edited comment on SLIDER-742 at 1/14/15 7:23 AM:
----------------------------------------------------------

Hi I have read the http://slider.incubator.apache.org/docs/security.html twice.

When configured {{hadoop.security.authentication}} and 
{{hadoop.security.authorization}}, Slider will use the feature: using keytab to 
get authorized. The keytab file will be loaded through code 
{{SliderAMClientProvider.addKeytabResourceIfNecessary()}} , and checking code 
is {{UserGroupcInformation.isSecurityEnabled()}} which  will use the Hadoop 
configuration.

 Then question is here:

 # If I want to use the token provided by RM in secured Hadoop, it won't happen 
because the two configs have been in the Hadoop configuration file 
{{core-site.xml}}
 # When configured, why I don't get the keytab file 
${AGENT_WORK_ROOT}/keytabs/h_yanghao3.keytab in a service like memcached, which 
may operate hdfs and want to be authorized. 


was (Author: yanghaogn):
Hi I have read the http://slider.incubator.apache.org/docs/security.html twice.

When configured {{hadoop.security.authentication}} and 
{{hadoop.security.authorization}}, Slider will use the feature: using keytab to 
get authorized. The keytab file will be loaded through code 
{{SliderAMClientProvider.addKeytabResourceIfNecessary()}} , and checking code 
is {{UserGroupcInformation.isSecurityEnabled()}} which  will use the Hadoop 
configuration.

 Then question is here:

 # If I want to use the token provided by RM in secured Hadoop, it won't happen 
because the two configs have been in the Hadoop configuration file 
{{core-site.xml}}
 # When configured, why I don't get the keytab file 
${AGENT_WORK_ROOT}/keytabs/${user}.keytab in a service like memcached, which 
may operate hdfs and want to be authorized. 

> Slider AM secure configuration
> ------------------------------
>
>                 Key: SLIDER-742
>                 URL: https://issues.apache.org/jira/browse/SLIDER-742
>             Project: Slider
>          Issue Type: Bug
>          Components: appmaster
>    Affects Versions: Slider 0.60
>         Environment: Secured Hadoop
>            Reporter: Yang Hao
>
> Running in secured Hadoop cluster, when I don't set secured-related 
> configuration for SliderAM, an error is out:
>  "hdfs://lgtst-xiaomi/user/h_yanghao3/.slider/cluster/hbase1/keytabs': No 
> such file or directory".
> For that the token has been sent to SliderAM working dir as file  
> container_tokens, can we use this, just like what MapReduceAM does?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to