[
https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748999#comment-13748999
]
Daryn Sharp commented on YARN-707:
----------------------------------
It almost seems like it would be better to invert the approach to be more
consistent with other tokens - the owner of the token is the user (not the app
attempt) and there's a new field for the app attempt (instead of a new field
for the user).
Another thought would be leverage the existing real/effective user in the
token. One is the submitter, the other is the app attempt. Logging that
includes the UGI will show "appAttempt (auth:...) via daryn (auth:...)", or
vice-versa for the users.
Thoughts?
> Add user info in the YARN ClientToken
> -------------------------------------
>
> Key: YARN-707
> URL: https://issues.apache.org/jira/browse/YARN-707
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Bikas Saha
> Assignee: Vinod Kumar Vavilapalli
> Attachments: YARN-707-20130822.txt
>
>
> If user info is present in the client token then it can be used to do limited
> authz in the AM.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
