[jira] [Updated] (SPARK-8129) Securely pass auth secrets to executors in standalone cluster mode

Fri, 05 Jun 2015 17:38:05 -0700 

     [ 
https://issues.apache.org/jira/browse/SPARK-8129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kan Zhang updated SPARK-8129:
-----------------------------
    Summary: Securely pass auth secrets to executors in standalone cluster mode 
 (was: Securely pass auth secret to executors in standalone cluster mode)

> Securely pass auth secrets to executors in standalone cluster mode
> ------------------------------------------------------------------
>
>                 Key: SPARK-8129
>                 URL: https://issues.apache.org/jira/browse/SPARK-8129
>             Project: Spark
>          Issue Type: New Feature
>          Components: Deploy, Spark Core
>            Reporter: Kan Zhang
>            Priority: Critical
>
> Currently, when authentication is turned on, cluster manager passes auth 
> secrets to executors (also drivers in cluster mode) as java options on the 
> command line, which isn't secure. The passed secret can be seen by anyone 
> running 'ps' command, e.g.,
> bq.  501 94787 94734   0  2:32PM ??         0:00.78 
> /Library/Java/JavaVirtualMachines/jdk1.7.0_60.jdk/Contents/Home/jre/bin/java 
> -cp 
> /Users/kan/github/spark/sbin/../conf/:/Users/kan/github/spark/assembly/target/scala-2.10/spark-assembly-1.4.0-SNAPSHOT-hadoop2.3.0.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-api-jdo-3.2.6.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-core-3.2.10.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-rdbms-3.2.9.jar
>  -Xms512M -Xmx512M 
> *-Dspark.authenticate.secret=090A030E0F0A05010900000A0C0E0C0B03050D05* 
> -Dspark.driver.port=49625 -Dspark.authenticate=true -XX:MaxPermSize=128m 
> org.apache.spark.executor.CoarseGrainedExecutorBackend --driver-url 
> akka.tcp://[email protected]:49625/user/CoarseGrainedScheduler 
> --executor-id 0 --hostname 192.168.1.152 --cores 8 --app-id 
> app-20150605143259-0000 --worker-url 
> akka.tcp://[email protected]:49623/user/Worker



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to