[
https://issues.apache.org/jira/browse/YARN-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod Kumar Vavilapalli updated YARN-1841:
------------------------------------------
Priority: Major (was: Blocker)
In the ApplicationMaster protocols, we force-use Token authentication even when
kerberos is not enabled. This originally started with YARN-617 in YARN. Hadoop
overall itself is separating kerberos auth from tokens via HADOOP-8779. That's
the rationale.
For now, there is no way at present to disable it - by design. We don't want to
blindly disable it, atleast on the ContainerManagement side (due to YARN-617).
You can follow other examples like distributed-shell to pass the tokens along.
Downgrading priority for now.
> YARN ignores/overrides explicit security settings
> -------------------------------------------------
>
> Key: YARN-1841
> URL: https://issues.apache.org/jira/browse/YARN-1841
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.3.0
> Reporter: Oleg Zhurakousky
>
> core-site.xml explicitly sets authentication as SIMPLE
> {code}
> <property>
> <name>hadoop.security.authentication</name>
> <value>simple</value>
> <description>Simple authentication</description>
> </property>
> {code}
> However any attempt to register ApplicationMaster on the remote YARN cluster
> results in
> {code}
> org.apache.hadoop.security.AccessControlException: SIMPLE authentication is
> not enabled. Available:[TOKEN]
> . . .
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
