[
https://issues.apache.org/jira/browse/MAPREDUCE-6838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16134019#comment-16134019
]
Varun Saxena commented on MAPREDUCE-6838:
-----------------------------------------
bq. today, for other delegation tokens RMDelegationToken, the old ATSv1
DelegationToken, the token service is not set at server side, it is set at
client side - the client call the SecurityUtils#buildTokenService and then set
the token service.
I thought about this option too. But the issue I see here is that
DelegationTokenAuthenticatedURL(used by TimelineV2ClientImpl) uses use_ip
config and then each AM(if it does not use kerberos), will have to then write
the code to sanitize the service coming in the token or fill the service based
on collector address when token comes. This would not be done transparently.
Currently we do this transparently for ATSv1 in YarnClientImpl
> [ATSv2 Security] Add timeline delegation token received in allocate response
> to UGI
> -----------------------------------------------------------------------------------
>
> Key: MAPREDUCE-6838
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-6838
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Reporter: Varun Saxena
> Assignee: Varun Saxena
> Labels: yarn-5355-merge-blocker
> Fix For: YARN-5355
>
> Attachments: MAPREDUCE-6838-YARN-5355.01.patch,
> MAPREDUCE-6838-YARN-5355.02.patch, MAPREDUCE-6838-YARN-5355.03.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
