[ 
https://issues.apache.org/jira/browse/YARN-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Zhijie Shen updated YARN-2228:
------------------------------

    Attachment: YARN-2228.2.patch

bq. Can you split up the individual tests so that the conditions are easier to 
understand? Something like

Nice refactoring suggestion. Thanks!

bq. Maybe we should just use the hadoop.http.authentication.* instead of a new 
subset?

I used to choose have timeline prefix configuration names to prevent affecting 
other components. Before we making http authentication for RM and timeline, web 
HDFS is the only component that is using the feature to support Oozie. Now if 
we keep using these configures in core-site.xml, all the three daemons are 
going to have same settings (unless we prepare different core-site.xml), while 
I think it should be good to allow flexible configurations for each individual 
daemons.

> TimelineServer should load pseudo authentication filter when authentication = 
> simple
> ------------------------------------------------------------------------------------
>
>                 Key: YARN-2228
>                 URL: https://issues.apache.org/jira/browse/YARN-2228
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2228.1.patch, YARN-2228.2.patch
>
>
> When kerberos authentication is not enabled, we should let the timeline 
> server to work with pseudo authentication filter. In this way, the sever is 
> able to detect the request user by checking "user.name".
> On the other hand, timeline client should append "user.name" in un-secure 
> case as well, such that ACLs can keep working in this case. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to