[
https://issues.apache.org/jira/browse/MAPREDUCE-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13000088#comment-13000088
]
Hadoop QA commented on MAPREDUCE-1959:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12453548/m1959-05.patch
against trunk revision 1074251.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed core unit tests.
-1 contrib tests. The patch failed contrib unit tests.
+1 system test framework. The patch passed system test framework compile.
Test results:
https://hudson.apache.org/hudson/job/PreCommit-MAPREDUCE-Build/74//testReport/
Findbugs warnings:
https://hudson.apache.org/hudson/job/PreCommit-MAPREDUCE-Build/74//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Console output:
https://hudson.apache.org/hudson/job/PreCommit-MAPREDUCE-Build/74//console
This message is automatically generated.
> Should use long name for token renewer on the client side
> ---------------------------------------------------------
>
> Key: MAPREDUCE-1959
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1959
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: job submission, security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: m1959-01.patch, m1959-02.patch, m1959-05.patch
>
>
> When getting a delegation token from a NN, a client needs to specify the
> renewer for the token. For use on a MapRed cluster, JT should be specified as
> the renewer. However, in the current code, the client maps JT's long name
> (Kerberos principal name) to cluster-internal short name and then sets the
> short name as the renewer. This is undesirable for 2 reasons. 1) It's
> unnecessary since NN (or JT) converts client-supplied renewer from long to
> short name anyway. 2) In principle, the mapping from long to short name
> should be done on the server. This is consistent with the authentication
> case, where the client uses the same long name to authenticate to multiple
> servers and servers map client's long name to their own internal short names.
> It facilitates using the same job client to get delegation tokens from
> multiple NN's, which may have different mapping rules for JT.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
