[
https://issues.apache.org/jira/browse/YARN-6669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jian He updated YARN-6669:
--------------------------
Description:
Changes include:
- Make registry client to programmatically generate the jaas conf for secure
access ZK quorum
- Create a KerberosPrincipal resource object in REST API for user to supply
keberos keytab and principal
- User has two ways to configure:
-- If keytab starts with "hdfs://", the keytab will be localized by YARN
-- If keytab starts with "file://", it is assumed that the keytab are available
on the localhost.
- AM will use the keytab to log in
- ServiceClient is changed to ask hdfs delegation token when submitting the
service
- AM code will use the tokens when launching containers
- Support kerberized communication between client and
was:
Changes include:
- Make registry client to programmatically generate the jaas conf for secure
access ZK quorum
- Create a KerberosPrincipal resource object in REST API for user to supply
keberos keytab and principal
- User has two ways to configure:
-- If keytab starts with "hdfs://", the keytab will be localized by YARN
-- If keytab starts with "file://", it is assumed that the keytab are available
on the localhost.
- AM will use the keytab to log in
- ServiceClient is changed to ask hdfs delegation token when submitting the
service
- AM code will use the tokens when launching containers
> Support security for YARN service framework
> -------------------------------------------
>
> Key: YARN-6669
> URL: https://issues.apache.org/jira/browse/YARN-6669
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Jian He
> Assignee: Jian He
> Attachments: YARN-6669.01.patch, YARN-6669.02.patch,
> YARN-6669.03.patch, YARN-6669.04.patch, YARN-6669.05.patch,
> YARN-6669.yarn-native-services.01.patch,
> YARN-6669.yarn-native-services.03.patch,
> YARN-6669.yarn-native-services.04.patch,
> YARN-6669.yarn-native-services.05.patch
>
>
> Changes include:
> - Make registry client to programmatically generate the jaas conf for secure
> access ZK quorum
> - Create a KerberosPrincipal resource object in REST API for user to supply
> keberos keytab and principal
> - User has two ways to configure:
> -- If keytab starts with "hdfs://", the keytab will be localized by YARN
> -- If keytab starts with "file://", it is assumed that the keytab are
> available on the localhost.
> - AM will use the keytab to log in
> - ServiceClient is changed to ask hdfs delegation token when submitting the
> service
> - AM code will use the tokens when launching containers
> - Support kerberized communication between client and
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
