[jira] [Updated] (YARN-8571) Validate service principal format prior to launching yarn service
[
https://issues.apache.org/jira/browse/YARN-8571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Billie Rinaldi updated YARN-8571:
-
Affects Version/s: 3.1.1
> Validate service principal format prior to launching yarn service
> -
>
> Key: YARN-8571
> URL: https://issues.apache.org/jira/browse/YARN-8571
> Project: Hadoop YARN
> Issue Type: Bug
> Components: security, yarn
>Affects Versions: 3.1.0, 3.1.1
>Reporter: Eric Yang
>Assignee: Eric Yang
>Priority: Major
> Fix For: 3.2.0, 3.1.2
>
> Attachments: YARN-8571.001.patch, YARN-8571.002.patch
>
>
> Hadoop client and server interaction is designed to validate the service
> principal before RPC request is permitted. In YARN service, the same
> security model is enforced to prevent replay attack. However, end user
> might submit JSON that looks like this to YARN service REST API:
> {code}
> {
> "name": "sleeper-service",
> "version": "1.0.0",
> "components" :
> [
> {
> "name": "sleeper",
> "number_of_containers": 2,
> "launch_command": "sleep 90",
> "resource": {
> "cpus": 1,
> "memory": "256"
> }
> }
> ],
> "kerberos_principal" : {
> "principal_name" : "ambari...@example.com",
> "keytab" : "file:///etc/security/keytabs/smokeuser.headless.keytab"
> }
> }
> {code}
> The kerberos principal is end user kerberos principal instead of service
> principal. This does not work properly because YARN service application
> master requires to run with a service principal to communicate with YARN CLI
> client via Hadoop RPC. Without breaking Hadoop security design in this JIRA,
> it might be in our best interest to validate principal_name during
> submission, and report error message when someone tries to run YARN service
> with user principal.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-8571) Validate service principal format prior to launching yarn service
[
https://issues.apache.org/jira/browse/YARN-8571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-8571:
Attachment: YARN-8571.002.patch
> Validate service principal format prior to launching yarn service
> -
>
> Key: YARN-8571
> URL: https://issues.apache.org/jira/browse/YARN-8571
> Project: Hadoop YARN
> Issue Type: Bug
> Components: security, yarn
>Affects Versions: 3.1.0
>Reporter: Eric Yang
>Assignee: Eric Yang
>Priority: Major
> Attachments: YARN-8571.001.patch, YARN-8571.002.patch
>
>
> Hadoop client and server interaction is designed to validate the service
> principal before RPC request is permitted. In YARN service, the same
> security model is enforced to prevent replay attack. However, end user
> might submit JSON that looks like this to YARN service REST API:
> {code}
> {
> "name": "sleeper-service",
> "version": "1.0.0",
> "components" :
> [
> {
> "name": "sleeper",
> "number_of_containers": 2,
> "launch_command": "sleep 90",
> "resource": {
> "cpus": 1,
> "memory": "256"
> }
> }
> ],
> "kerberos_principal" : {
> "principal_name" : "ambari...@example.com",
> "keytab" : "file:///etc/security/keytabs/smokeuser.headless.keytab"
> }
> }
> {code}
> The kerberos principal is end user kerberos principal instead of service
> principal. This does not work properly because YARN service application
> master requires to run with a service principal to communicate with YARN CLI
> client via Hadoop RPC. Without breaking Hadoop security design in this JIRA,
> it might be in our best interest to validate principal_name during
> submission, and report error message when someone tries to run YARN service
> with user principal.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-8571) Validate service principal format prior to launching yarn service
[
https://issues.apache.org/jira/browse/YARN-8571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-8571:
Attachment: YARN-8571.001.patch
> Validate service principal format prior to launching yarn service
> -
>
> Key: YARN-8571
> URL: https://issues.apache.org/jira/browse/YARN-8571
> Project: Hadoop YARN
> Issue Type: Bug
> Components: security, yarn
>Affects Versions: 3.1.0
>Reporter: Eric Yang
>Assignee: Eric Yang
>Priority: Major
> Attachments: YARN-8571.001.patch
>
>
> Hadoop client and server interaction is designed to validate the service
> principal before RPC request is permitted. In YARN service, the same
> security model is enforced to prevent replay attack. However, end user
> might submit JSON that looks like this to YARN service REST API:
> {code}
> {
> "name": "sleeper-service",
> "version": "1.0.0",
> "components" :
> [
> {
> "name": "sleeper",
> "number_of_containers": 2,
> "launch_command": "sleep 90",
> "resource": {
> "cpus": 1,
> "memory": "256"
> }
> }
> ],
> "kerberos_principal" : {
> "principal_name" : "ambari...@example.com",
> "keytab" : "file:///etc/security/keytabs/smokeuser.headless.keytab"
> }
> }
> {code}
> The kerberos principal is end user kerberos principal instead of service
> principal. This does not work properly because YARN service application
> master requires to run with a service principal to communicate with YARN CLI
> client via Hadoop RPC. Without breaking Hadoop security design in this JIRA,
> it might be in our best interest to validate principal_name during
> submission, and report error message when someone tries to run YARN service
> with user principal.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
