[
https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13751379#comment-13751379
]
Jason Lowe commented on YARN-707:
---------------------------------
I don't believe they do, as ClientToAMTokenSecretManagerInRM doesn't have any
built-in persistence (i.e: doesn't extend AbstractDelegationTokenSecretManager)
and the only place I saw it grabbing the master key for an app-attempt was when
it sent it over to the attempt when it registered. I didn't see any place it
was explicitly persisted. The client-to-AM token was persisted, but it makes
no sense to do so now that they need to be per-client tokens and not
per-app-attempt tokens.
If there is a place where the ClientToAMTokenSecretManagerInRM master keys are
being persisted that I missed, please let me know. I'd hate to add unnecessary
persistence ops.
> Add user info in the YARN ClientToken
> -------------------------------------
>
> Key: YARN-707
> URL: https://issues.apache.org/jira/browse/YARN-707
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Bikas Saha
> Assignee: Jason Lowe
> Fix For: 3.0.0, 2.1.1-beta
>
> Attachments: YARN-707-20130822.txt
>
>
> If user info is present in the client token then it can be used to do limited
> authz in the AM.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
