[
https://issues.apache.org/jira/browse/YARN-9385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16795244#comment-16795244
]
Hudson commented on YARN-9385:
------------------------------
SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #16235 (See
[https://builds.apache.org/job/Hadoop-trunk-Commit/16235/])
YARN-9385. Fixed ApiServiceClient to use current UGI. (eyang: rev
19b22c4385a8cf0f89a2ad939380cfd3f033ffdc)
* (edit)
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/test/java/org/apache/hadoop/yarn/service/client/TestApiServiceClient.java
* (edit)
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java
> YARN Services with simple authentication doesn't respect current UGI
> --------------------------------------------------------------------
>
> Key: YARN-9385
> URL: https://issues.apache.org/jira/browse/YARN-9385
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: security, yarn-native-services
> Reporter: Todd Lipcon
> Assignee: Eric Yang
> Priority: Major
> Fix For: 3.3.0
>
> Attachments: YARN-9385.001.patch, YARN-9385.002.patch,
> YARN-9385.003.patch, YARN-9385.004.patch, YARN-9385.005.patch
>
>
> The ApiServiceClient implementation appends the current username to the
> request URL for "simple" authentication. However, that username is derived
> from the 'user.name' system property instead of the current UGI. That means
> that username spoofing via the 'HADOOP_USER_NAME' variable doesn't take
> effect for HTTP-based calls in the same manner that it does for RPC-based
> calls.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
