[ 
https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13646572#comment-13646572
 ] 

Daryn Sharp commented on YARN-617:
----------------------------------

bq. we are trying to change the auth to use AMTokens and authorization will 
continue to be via ContainerTokens

I may have misinterpreted the other jira...  I thought the goal is to continue to 
auth container launches with a container token, but change status and stop to 
authenticate with the am token?  Are you saying the goal is to auth container 
launches with the am token too?

{quote}bq. A RPC server also enables SASL DIGEST-MD5 if a secret manager is 
active.{quote}
bq. Off topic, but this is what I guessed is the reason underlying YARN-626, do 
you know when this got merged into branch-2?

The SASL changes HADOOP-8783/HADOOP-8784 went in Oct 3-4 2012.  The change 
allowed servers to accept tokens regardless of security setting if a secret 
manager is present, and for clients to always use a token if present regardless 
of security setting.  This didn't change behavior for a secure cluster, so 
YARN-626 can't be related because security is enabled and the AM is lacking a 
token for the RM in its UGI.


                
> In unsecure mode, AM can fake resource requirements 
> -----------------------------------------------------
>
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Minor
>
> Without security, it is impossible to completely avoid AMs faking resources. 
> We can at the least make it as difficult as possible by using the same 
> container tokens and the RM-NM shared key mechanism over unauthenticated 
> RM-NM channel.
> At the minimum, this will avoid accidental bugs in AMs in unsecure mode.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira