[
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15655625#comment-15655625
]
Sangjin Lee commented on YARN-3053:
-----------------------------------
Thanks [~varun_saxena] for putting together the proposal! It's a great start.
Sorry it took me a while to get to this.
I have a couple of quick questions (maybe more to follow):
- How do other NMs (that are running the containers) authenticate? I don’t
think they can do a real authentication. Then how would they get the delegation
token for the app? To solve this, would we be able to allow YARN daemons to
access and look up the DTs from RM?
- How would each option handle the case of AM failures (and subsequent
relaunching of app attempts and/or the timeline collector on another node)? It
wasn’t very clear to me…
> [Security] Review and implement security in ATS v.2
> ---------------------------------------------------
>
> Key: YARN-3053
> URL: https://issues.apache.org/jira/browse/YARN-3053
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Varun Saxena
> Labels: YARN-5355
> Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and
> any other relevant security aspects.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
