[ https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Lowe reassigned YARN-707:
-------------------------------

    Assignee: Jason Lowe  (was: Vinod Kumar Vavilapalli)

In order for YARN applications to implement their own ACLs properly they need 
to know who is connecting.  That requires the client-to-AM token to report the 
user who requested the client token from the RM rather than the user who 
submitted the app.

This means we cannot generate the client-to-AM token once upon app startup but 
rather have to generate it on demand each time an application report is 
requested by a client.  The good news is that we don't need to persist all of 
these tokens for RM restart purposes.  All we need to persist is the single 
master key used to generate these tokens, so if the RM restarts and re-acquires 
an already running AM it can continue to issue new tokens for clients of that 
already running AM.  New AM attempts will generate a new master key as they do 
today.

I'll take a crack at this.
                
> Add user info in the YARN ClientToken
> -------------------------------------
>
>                 Key: YARN-707
>                 URL: https://issues.apache.org/jira/browse/YARN-707
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Bikas Saha
>            Assignee: Jason Lowe
>             Fix For: 3.0.0, 2.1.1-beta
>
>         Attachments: YARN-707-20130822.txt
>
>
> If user info is present in the client token then it can be used to do limited 
> authz in the AM.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
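
The scheme described in the comment above, sketched as an added example that is not code from the YARN-707 patch or from Hadoop: the RM mints a client token on demand that names the requesting user, the AM verifies it with the shared per-attempt master key and applies its own ACL, and only the master key has to survive an RM restart. The class names, the JSON identifier layout, the HMAC-SHA256 construction, and presenting the token password directly to the AM are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


class ResourceManager:
    """RM side: the per-attempt master key is the only state it must persist."""

    def __init__(self, persisted_keys=None):
        self.master_keys = dict(persisted_keys or {})  # attempt id -> key bytes

    def start_attempt(self, attempt_id):
        # Each new AM attempt gets a fresh master key, shared with that AM.
        self.master_keys[attempt_id] = secrets.token_bytes(32)
        return self.master_keys[attempt_id]

    def client_token(self, attempt_id, requesting_user):
        # Minted on demand per application-report request; nothing is stored.
        ident = json.dumps({"attempt": attempt_id, "user": requesting_user},
                           sort_keys=True).encode()
        mac = hmac.new(self.master_keys[attempt_id], ident, hashlib.sha256)
        return ident, mac.digest()


class ApplicationMaster:
    """AM side: verifies the token, then applies its own ACL to the named user."""

    def __init__(self, attempt_id, master_key, acl):
        self.attempt_id, self.master_key, self.acl = attempt_id, master_key, acl

    def authenticate(self, ident, password):
        expected = hmac.new(self.master_key, ident, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, password):
            return None  # forged, altered, or minted under another attempt's key
        claims = json.loads(ident)
        return claims["user"] if claims["attempt"] == self.attempt_id else None

    def authorize(self, ident, password, action):
        user = self.authenticate(ident, password)
        return user is not None and user in self.acl.get(action, set())
```

Because the user name is covered by the MAC, a client cannot reuse its own token password with another user's identifier, and a token minted under an earlier attempt's key fails verification at a new attempt.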
