[
https://issues.apache.org/jira/browse/MAPREDUCE-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12773396#action_12773396
]
Devaraj Das commented on MAPREDUCE-1026:
----------------------------------------
Looked at the patch in brief. Some first level comments:
1) Remove the method setJobTokenFile from JobConf. This is really a TT-Task
configuration.
2) It probably makes sense to have the task read the configuration from the
localized file directly. Since the token will be used (later on in a separate
jira) to bootstrap even the task<->TT mutual authentication, it it better to
check permissions on the localized file before trusting the key. The other
option is to have the task read it from the hdfs..
3) What happens if the shuffle fails due to authentication problems? Maybe that
needs to be handled specially w.r.t things like fetch failure notifications,
and the reduce task killing itself after some trials..
4) The JobTracker should create the job-token file during running initTasks for
the job in question.
> Shuffle should be secure
> ------------------------
>
> Key: MAPREDUCE-1026
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1026
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: security
> Reporter: Owen O'Malley
> Assignee: Boris Shkolnik
> Attachments: MAPREDUCE-1026.patch, MAPREDUCE-1026.patch
>
>
> Since the user's data is available via http from the TaskTrackers, we should
> require a job-specific secret to access it.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
