[ https://issues.apache.org/jira/browse/YARN-707?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13757890#comment-13757890 ]
Daryn Sharp commented on YARN-707: ---------------------------------- Still reviewing, but an initial observation is {{ClientToAMSecretManager#getMasterKey}} is fabricating a new secret key if there is no pre-existing key for the appId. This should be an error condition. The secret manager knows the secret key for the specific app so there's no need to ever generate a secret key, right? Else I can flood the AM with invalid appIds to make it go OOM from generating secret keys for invalid appIds. > Add user info in the YARN ClientToken > ------------------------------------- > > Key: YARN-707 > URL: https://issues.apache.org/jira/browse/YARN-707 > Project: Hadoop YARN > Issue Type: Improvement > Reporter: Bikas Saha > Assignee: Jason Lowe > Priority: Blocker > Fix For: 3.0.0, 2.1.1-beta > > Attachments: YARN-707-20130822.txt, YARN-707-20130827.txt, > YARN-707-20130828-2.txt, YARN-707-20130828.txt, YARN-707-20130829.txt, > YARN-707-20130830.branch-0.23.txt > > > If user info is present in the client token then it can be used to do limited > authz in the AM. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira