[
https://issues.apache.org/jira/browse/MAPREDUCE-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12773596#action_12773596
]
Kan Zhang commented on MAPREDUCE-1026:
--------------------------------------
@Devaraj
> Since the token will be used (later on in a separate jira) to bootstrap even
> the task<->TT mutual authentication
Are you talking about Task<->TT heartbeats over RPC? For this connection, I
suggest we use a separate key (in the format of Delegation token) that is
generated by TT and given to Task just before it is launched. This way the key
is known only to the local task and helps prevent Tasks running on other
machines connecting this TT accidentally. In terms of implementation, TT can do
this in the same way that NN does, e.g., instantiate a DelegationTokenHandler
for generating Delegation token and couple it with RPC (no need to persist the
MasterKey though).
> Shuffle should be secure
> ------------------------
>
> Key: MAPREDUCE-1026
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1026
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: security
> Reporter: Owen O'Malley
> Assignee: Boris Shkolnik
> Attachments: MAPREDUCE-1026.patch, MAPREDUCE-1026.patch
>
>
> Since the user's data is available via http from the TaskTrackers, we should
> require a job-specific secret to access it.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
