[jira] [Commented] (YARN-8571) Validate service principal format prior to launching yarn service

Thu, 26 Jul 2018 13:55:30 -0700 


    [ 
https://issues.apache.org/jira/browse/YARN-8571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16558880#comment-16558880
 ] 

Eric Yang commented on YARN-8571:
---------------------------------

Patch 002 added error handling for NPE.

> Validate service principal format prior to launching yarn service
> -----------------------------------------------------------------
>
>                 Key: YARN-8571
>                 URL: https://issues.apache.org/jira/browse/YARN-8571
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: security, yarn
>    Affects Versions: 3.1.0
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Major
>         Attachments: YARN-8571.001.patch, YARN-8571.002.patch
>
>
> Hadoop client and server interaction is designed to validate the service 
> principal before RPC request is permitted.  In YARN service, the same 
> security model is enforced to prevent replay attack.   However, end user 
> might submit JSON that looks like this to YARN service REST API:
> {code}
> {
>   "name": "sleeper-service",
>   "version": "1.0.0",
>   "components" :
>   [
>     {
>       "name": "sleeper",
>       "number_of_containers": 2,
>       "launch_command": "sleep 900000",
>       "resource": {
>         "cpus": 1,
>         "memory": "256"
>       }
>     }
>   ],
>   "kerberos_principal" : {
>     "principal_name" : "[email protected]",
>     "keytab" : "file:///etc/security/keytabs/smokeuser.headless.keytab"
>   }
> }
> {code}
> The kerberos principal is end user kerberos principal instead of service 
> principal.  This does not work properly because YARN service application 
> master requires to run with a service principal to communicate with YARN CLI 
> client via Hadoop RPC.  Without breaking Hadoop security design in this JIRA, 
> it might be in our best interest to validate principal_name during 
> submission, and report error message when someone tries to run YARN service 
> with user principal.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to