[ 
https://issues.apache.org/jira/browse/MAPREDUCE-3940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13411503#comment-13411503
 ] 

Daryn Sharp commented on MAPREDUCE-3940:
----------------------------------------

True, the expiry check can't be universal for all operations.  An expiry check 
in the secret manager wouldn't necessarily have to be automatically invoked 
during token validation at the RPC level.  It could just be a method that is 
called when validating the token for a start container.  It's not a big deal, 
but having the expiry validation outside the secret manager seems a bit odd 
since the expiry is an implementation detail of the secret manager.

After more thoroughly reviewing the code, it doesn't appear the tokens expire 
after the container completes?  More importantly, the token doesn't appear to 
become invalid for launching a container after the token has already been used 
to launch a container?
                
> ContainerTokens should have an expiry interval
> ----------------------------------------------
>
>                 Key: MAPREDUCE-3940
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3940
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2, security
>    Affects Versions: 0.23.0
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>             Fix For: 0.23.3
>
>         Attachments: MAPREDUCE-3940-20120308.txt, 
> MAPREDUCE-3940-20120416.txt, MAPREDUCE-3940-20120425.txt, 
> MAPREDUCE-3940-20120709.txt, MAPREDUCE-3940-20120710.txt, MR3940.txt, 
> MR3940.txt
>
>
>  - RM should generate the expiry time for a container
>  - A ContainerToken should have its expire time encoded
>  - NMs should reject containers with expired tokens.
>  - Expiry interval for a ContainerToken is same as the expiry interval for a 
> container.
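
The two points raised in the comment above (an expiry check owned by the secret manager but called only when starting a container, and a token that cannot launch a second container) can be sketched as follows. This is an added example, not code from the Hadoop patch; the class names, method names, token layout and sample values are all hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch; none of these names are Hadoop's.
public class ContainerTokenSketch {
    record Token(String containerId, long expiryMillis, byte[] mac) {}

    static class SecretManager {
        private final SecretKeySpec key;
        // Container ids whose token has already been accepted for a launch.
        private final Set<String> launched = ConcurrentHashMap.newKeySet();

        SecretManager(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

        private byte[] sign(String containerId, long expiryMillis) throws Exception {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return mac.doFinal((containerId + "|" + expiryMillis).getBytes(StandardCharsets.UTF_8));
        }

        // Issuer side: the expiry time is encoded in the token and covered by the MAC.
        Token create(String containerId, long expiryMillis) throws Exception {
            return new Token(containerId, expiryMillis, sign(containerId, expiryMillis));
        }

        // Called only on the start-container path, not on every RPC.
        void checkForLaunch(Token t, long nowMillis) throws Exception {
            if (!MessageDigest.isEqual(sign(t.containerId(), t.expiryMillis()), t.mac()))
                throw new SecurityException("bad token signature");
            if (nowMillis > t.expiryMillis())
                throw new SecurityException("token expired");
            if (!launched.add(t.containerId()))   // add() returns false on a replay
                throw new SecurityException("token already used to launch " + t.containerId());
        }
    }

    public static void main(String[] args) throws Exception {
        SecretManager sm = new SecretManager("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        long now = 1_000_000L;                    // constructed clock value
        Token ok = sm.create("container_01", now + 600_000L);
        sm.checkForLaunch(ok, now);               // first launch is accepted
        try { sm.checkForLaunch(ok, now + 1); }   // same token presented again
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        Token old = sm.create("container_02", now - 1);
        try { sm.checkForLaunch(old, now); }      // expired before first use
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In this sketch an entry in the used-token set only has to be kept until that token's expiry time, because the expiry check rejects the token after that point anyway.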
