Hi,
I’m using the YARN Timeline Server v1 from Hadoop 2.7.7, and I want the
Timeline Server to be secure.
To configure Kerberos authentication and authorization, I set the followings in
yarn-site.xml:
- yarn.timeline-service.http-authentication.type: kerberos
- yarn.timeline-service.http-authentication.kerberos.principal
- yarn.timeline-service.http-authentication.kerberos.keytab
- yarn.acl.enable: true
- yarn.admin.acl: (space)
However, as far as I know, anyone who has a Kerberos ticket can create a new
Timeline domain unless the ID of the domain already exists. After then, the one
can post timeline entities to the domain.
My question is, is there any way to restrict users who can post domains and
entities to Timeline Server without modifying Hadoop source codes?
Best regards,
Junseung.
