[
https://issues.apache.org/jira/browse/YARN-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karthik Kambatla updated YARN-1573:
-----------------------------------
Attachment: yarn-1573-1.patch
Trivial patch that uses a random number instead of cluster-timestamp. Even
though it is unlikely, it is okay for the random numbers generated to be same
as the usernames are different. We only care about a malicious user not being
able to guess the password. Further, users can set their own ACLs for the root
node for even better security.
> ZK store should pick a private password for root-node-acls
> ----------------------------------------------------------
>
> Key: YARN-1573
> URL: https://issues.apache.org/jira/browse/YARN-1573
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: resourcemanager
> Affects Versions: 2.4.0
> Reporter: Karthik Kambatla
> Assignee: Karthik Kambatla
> Attachments: yarn-1573-1.patch
>
>
> Currently, when HA is enabled, ZK store uses cluster-timestamp as the
> password for root node ACLs to give the Active RM exclusive access to the
> store. A more private value like a random number might be better.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
