[
https://issues.apache.org/jira/browse/YARN-279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13538199#comment-13538199
]
Daryn Sharp commented on YARN-279:
----------------------------------
I'd have concerns that a 6 month expiration provides a huge window of
vulnerability for stolen tokens. Initial expiration is a tangent issue from
how to ensure renewer code is available. However, I've actually got a patch up
on YARN-280 for job submission to fail if submitted tokens are invalid.
Another problem with 6 month expiration is that token issuers often hold tokens in
memory, plus token requesters often do a poor job (as in never) of canceling
tokens. That would cause some serious memory bloat...
> Generalize RM token management
> ------------------------------
>
> Key: YARN-279
> URL: https://issues.apache.org/jira/browse/YARN-279
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: resourcemanager
> Affects Versions: 3.0.0, 2.0.0-alpha, 0.23.5
> Reporter: Daryn Sharp
>
> Token renewal/cancelation in the RM presents challenges to support arbitrary
> tokens. The RM's CLASSPATH is currently required to have token renewer
> classes and all associated classes for the project's client. The logistics
> of having installs on the RM of all hadoop projects that submit jobs - just
> to support client connections to renew/cancel tokens - are untenable.