[ https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13647242#comment-13647242 ]

Vinod Kumar Vavilapalli commented on YARN-617:
----------------------------------------------

bq. Are you saying the goal is to auth container launches with the am token too?
Yes. All communication with NM to be authenticated by AMToken.

We could keep it separate from startContainer() and stop/getStatus, but we want 
to solve YARN-613 too. Having the authentication via container-token is forcing 
us to create a connection per-container. You must have seen the gory MR 
ContainerLauncher resorting to tricks like creating lots of threads, opening 
and closing connections immediately to avoid hitting ulimits etc. Some of that 
ugliness will go away if we perform all authentication using AMTokens and use 
ContainerTokens for authorization.

Thanks for the tip on HADOOP-8783/HADOOP-8784.
                
> In unsecure mode, AM can fake resource requirements
> ---------------------------------------------------
>
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Omkar Vinit Joshi
>            Priority: Minor
>         Attachments: YARN-617.20130501.1.patch, YARN-617.20130501.patch
>
>
> Without security, it is impossible to completely avoid AMs faking resources. 
> We can at the least make it as difficult as possible by using the same 
> container tokens and the RM-NM shared key mechanism over unauthenticated 
> RM-NM channel.
> At the minimum, this will avoid accidental bugs in AMs in unsecure mode.

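An added illustration, not code from YARN or from the patches attached to this issue: it models the split discussed above, where the NM authenticates one connection per AM with an AM token and then authorizes each container launch by checking the container token's MAC against the RM-NM shared key. The key constants, the JSON token layout and the names `NMConnection`, `rm_issue_am_token` and `rm_issue_container_token` are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed keys (assumption): in a real cluster the RM distributes these to NMs.
RM_NM_SHARED_KEY = b"constructed-rm-nm-master-key"
AM_TOKEN_KEY = b"constructed-am-token-key"


def _mac(key: bytes, payload: dict) -> str:
    # Canonical JSON so RM and NM compute the MAC over identical bytes.
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def rm_issue_am_token(app_id: str) -> dict:
    """RM side: token the AM presents once per NM connection."""
    payload = {"app": app_id}
    return {"payload": payload, "mac": _mac(AM_TOKEN_KEY, payload)}


def rm_issue_container_token(container_id: str, app_id: str,
                             memory_mb: int, vcores: int) -> dict:
    """RM side: bind the granted resources to the container with a MAC."""
    payload = {"container": container_id, "app": app_id,
               "memory_mb": memory_mb, "vcores": vcores}
    return {"payload": payload, "mac": _mac(RM_NM_SHARED_KEY, payload)}


class NMConnection:
    """NM side: a single connection per AM, authenticated by the AM token."""

    def __init__(self, am_token: dict):
        expected = _mac(AM_TOKEN_KEY, am_token["payload"])
        if not hmac.compare_digest(expected, am_token["mac"]):
            raise PermissionError("AM token failed authentication")
        self.app_id = am_token["payload"]["app"]

    def start_container(self, token: dict) -> dict:
        """Authorize one launch; returns the resources the NM will enforce."""
        payload = token["payload"]
        if not hmac.compare_digest(_mac(RM_NM_SHARED_KEY, payload), token["mac"]):
            raise PermissionError("container token MAC mismatch")
        if payload["app"] != self.app_id:
            raise PermissionError("container token belongs to another application")
        # Limits come from the signed payload, never from what the AM claims.
        return {"memory_mb": payload["memory_mb"], "vcores": payload["vcores"]}
```

Because the resource figures sit inside the MAC'd payload, many containers can be started over the same authenticated connection while an AM that edits `memory_mb` after issuance is rejected.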