[
https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13757890#comment-13757890
]
Daryn Sharp commented on YARN-707:
----------------------------------
Still reviewing, but an initial observation is
{{ClientToAMSecretManager#getMasterKey}} is fabricating a new secret key if
there is no pre-existing key for the appId. This should be an error condition.
The secret manager knows the secret key for the specific app so there's no
need to ever generate a secret key, right? Else I can flood the AM with
invalid appIds to make it go OOM from generating secret keys for invalid appIds.
> Add user info in the YARN ClientToken
> -------------------------------------
>
> Key: YARN-707
> URL: https://issues.apache.org/jira/browse/YARN-707
> Project: Hadoop YARN
> Issue Type: Improvement
> Reporter: Bikas Saha
> Assignee: Jason Lowe
> Priority: Blocker
> Fix For: 3.0.0, 2.1.1-beta
>
> Attachments: YARN-707-20130822.txt, YARN-707-20130827.txt,
> YARN-707-20130828-2.txt, YARN-707-20130828.txt, YARN-707-20130829.txt,
> YARN-707-20130830.branch-0.23.txt
>
>
> If user info is present in the client token then it can be used to do limited
> authz in the AM.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
