[
https://issues.apache.org/jira/browse/MAPREDUCE-5379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13726830#comment-13726830
]
Alejandro Abdelnur commented on MAPREDUCE-5379:
-----------------------------------------------
I've played around and got Daryn's patch to work. After running the patch by
Andrew Wang (who is doing HDFS-4680) he brought up a a concern with the client
driven tracking approach, "a client can set a rogue trackingId". But with the
sequenceId approach what is in the HDFS audit can fully trusted and tracked to
a user.
One concern Daryn mentioned above with the sequenceId approach was, and also
told me offline, the MR client decoding the token identifier, this could break
things when moving token encoding from writable to protobuff.
To address this, instead of the MR client decoding the token identifier it
would simply do a hash of its byte[] representation without decoding it.
In addition, the MR client should have an option to switch ON/OFF(default) the
DT hash generation/injection in the jobconf.
> Include FS delegation token ID in job conf
> ------------------------------------------
>
> Key: MAPREDUCE-5379
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-5379
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Components: job submission, security
> Affects Versions: 2.1.0-beta
> Reporter: Sandy Ryza
> Assignee: Sandy Ryza
> Attachments: MAPREDUCE-5379-1.patch, MAPREDUCE-5379-2.patch,
> MAPREDUCE-5379.patch
>
>
> Making a job's FS delegation token ID accessible will allow external services
> to associate it with the file system operations it performs.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
