[
https://issues.apache.org/jira/browse/YARN-8593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16563147#comment-16563147
]
Rohith Sharma K S commented on YARN-8593:
-----------------------------------------
As discussed with Akhil offline, YARN UI doesn't have centralized login
mechanism. The username that shows up in UI2 is same as kerborse user who is
logged in local machine. While accessing UI2 from kerborse logged in user, it
is perfectly fine as long as kerborse user query RM REST end points.
But when UI2 is integrated with KNOX(SSO or Proxy), the response sent by RM is
authenticated user instead of proxy user. It means browser is started with
kerborse userX and accessing RM Rest end points via knox(sso/proxy). In such
scenario, RM sends back list of applications for knox user instead of userX.
End user gets confused with the results sent by RM. This is basic design done
by Hadoop since beginning. cc:/ [~sunilg] [~akhilpb] correct me if my
understanding is not correct
In order to display logged in user when knox(sso/proxy) is enabled, it is
required to know who is sending request. In above case, though userX is browser
logged in user, knox is proxy-ing the incoming request. It is always good to
display authenticated user in browser which eliminates lot of confusion to end
use.
> Add new RM web service endpoint to get cluster user info
> --------------------------------------------------------
>
> Key: YARN-8593
> URL: https://issues.apache.org/jira/browse/YARN-8593
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Reporter: Akhil PB
> Assignee: Akhil PB
> Priority: Major
> Attachments: YARN-8593.001.patch, YARN-8593.002.patch
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
