Eric Yang created YARN-8571:
-------------------------------
Summary: Validate service principal format prior to launching yarn service
Key: YARN-8571
URL: https://issues.apache.org/jira/browse/YARN-8571
Project: Hadoop YARN
Issue Type: Bug
Components: security, yarn
Affects Versions: 3.1.0
Reporter: Eric Yang
Assignee: Eric Yang
Hadoop client and server interaction is designed to validate the service
principal before an RPC request is permitted. In YARN service, the same security
model is enforced to prevent replay attacks. However, an end user might submit
JSON that looks like this to the YARN service REST API:
{code}
{
  "name": "sleeper-service",
  "version": "1.0.0",
  "components": [
    {
      "name": "sleeper",
      "number_of_containers": 2,
      "launch_command": "sleep 900000",
      "resource": {
        "cpus": 1,
        "memory": "256"
      }
    }
  ],
  "kerberos_principal": {
    "principal_name": "[email protected]",
    "keytab": "file:///etc/security/keytabs/smokeuser.headless.keytab"
  }
}
{code}
The kerberos principal here is an end user kerberos principal instead of a service
principal. This does not work properly because the YARN service application master
is required to run with a service principal to communicate with the YARN CLI client
via Hadoop RPC. Without breaking the Hadoop security design, in this JIRA it might
be in our best interest to validate principal_name during submission and
report an error message when someone tries to run a YARN service with a user principal.
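An added illustration of the submission-time check proposed above (example code, not code from the Hadoop/YARN code base): a Kerberos principal has the form primary[/instance]@REALM, and a Hadoop service principal carries an instance (a host name, or the _HOST placeholder Hadoop substitutes at runtime), so a principal_name with no instance is rejected as a user principal before the service is launched. The realm EXAMPLE.COM and the sample spec are constructed for the example.

```python
import re

# Kerberos principal syntax: primary[/instance]@REALM. Service principals such as
# yarn/_HOST@REALM have an instance; user principals such as smokeuser@REALM do not.
_PRINCIPAL_RE = re.compile(
    r"^(?P<primary>[^/@\s]+)(?:/(?P<instance>[^/@\s]+))?@(?P<realm>[^/@\s]+)$"
)


def parse_principal(name):
    """Split a principal into (primary, instance, realm); instance is None if absent."""
    m = _PRINCIPAL_RE.match(name or "")
    if not m:
        raise ValueError("malformed kerberos principal: %r" % (name,))
    return m.group("primary"), m.group("instance"), m.group("realm")


def validate_service_principal(name):
    """Return None if name is a service principal, else an error message for the submitter."""
    try:
        primary, instance, realm = parse_principal(name)
    except ValueError as e:
        return str(e)
    if instance is None:
        return ("principal_name %r is a user principal; a YARN service must run with a "
                "service principal of the form name/host@REALM or name/_HOST@REALM" % (name,))
    return None


def validate_submission(spec):
    """Check the kerberos_principal block of a service spec (dict parsed from the
    submitted JSON). Returns None when acceptable, else the error to report."""
    kp = spec.get("kerberos_principal")
    if not kp:
        return None  # no kerberos block: nothing to validate here
    return validate_service_principal(kp.get("principal_name"))


# Constructed sample mirroring the JSON in the issue: a user principal, which is rejected.
SAMPLE_SPEC = {
    "name": "sleeper-service",
    "version": "1.0.0",
    "kerberos_principal": {
        "principal_name": "smokeuser@EXAMPLE.COM",  # constructed realm
        "keytab": "file:///etc/security/keytabs/smokeuser.headless.keytab",
    },
}
```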
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)