[ https://issues.apache.org/jira/browse/AMBARI-18632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Weiwei Yang resolved AMBARI-18632.
----------------------------------
    Resolution: Later

> Security flaw with adding dr.who into yarn.admin.acl while enabling kerberos
> -----------------------------------------------------------------------------
>
>                 Key: AMBARI-18632
>                 URL: https://issues.apache.org/jira/browse/AMBARI-18632
>             Project: Ambari
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.3.0, 2.2.0, 2.4.0
>            Reporter: Weiwei Yang
>            Priority: Major
>
> AMBARI-12415 introduces a major security hole to a secure cluster, it adds
> *dr.who* into *yarn.admin.acl*, which grants yarn admin permission to an
> anonymous user. It should be reverted.
> There is an alternative way of fixing this, see more in HADOOP-13707. Http
> service could be non-secure in a kerberized environment, when
> hadoop.http.authentication.type=simple, under this situation, the fix of
> HADOOP-13707 skips admin checks for static user dr.who.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
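An added example, not part of the original issue or of Ambari's code: a Python check that flags a Kerberos-enabled cluster whose yarn.admin.acl includes the static web user described above. The properties hadoop.security.authentication and hadoop.http.staticuser.user are standard Hadoop settings not named in the issue, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, not taken from any real cluster.
CORE_SITE = """<configuration>
 <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
 <property><name>hadoop.http.authentication.type</name><value>simple</value></property>
</configuration>"""
YARN_BAD = """<configuration>
 <property><name>yarn.admin.acl</name><value>yarn,dr.who hadoop-admins</value></property>
</configuration>"""
YARN_OK = """<configuration>
 <property><name>yarn.admin.acl</name><value>yarn hadoop-admins</value></property>
</configuration>"""

def props(xml_text):
    """Parse a Hadoop *-site.xml document into a {name: value} dict."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "")
            for p in root.iter("property")}

def acl_users(acl):
    """Hadoop ACL syntax is 'user1,user2 group1,group2'; '*' means everyone."""
    if acl.strip() == "*":
        return {"*"}
    return {u.strip() for u in acl.split(" ", 1)[0].split(",") if u.strip()}

def audit(core_xml, yarn_xml):
    """Return findings for a Kerberos cluster whose YARN admin ACL is open."""
    core, yarn = props(core_xml), props(yarn_xml)
    if core.get("hadoop.security.authentication", "simple").lower() != "kerberos":
        return []  # only secure clusters are in scope for this check
    # Assumption: the static web user defaults to dr.who when not configured.
    static_user = core.get("hadoop.http.staticuser.user", "dr.who")
    http_auth = core.get("hadoop.http.authentication.type", "simple")
    users = acl_users(yarn.get("yarn.admin.acl", "*"))
    findings = []
    if "*" in users:
        findings.append("yarn.admin.acl grants YARN admin to every user")
    if static_user in users:
        findings.append(f"yarn.admin.acl lists static web user '{static_user}' "
                        f"(hadoop.http.authentication.type={http_auth})")
    return findings

if __name__ == "__main__":
    for name, yarn_xml in (("bad", YARN_BAD), ("ok", YARN_OK)):
        print(name, audit(CORE_SITE, yarn_xml) or "no findings")
```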