[ 
https://issues.apache.org/jira/browse/YARN-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14058523#comment-14058523
 ] 

Vinod Kumar Vavilapalli commented on YARN-2228:
-----------------------------------------------

Tx.. Quick replies..

Anonymous access makes sense for web UIs and getter REST APIs. Not so much for 
POST APIs. My proposal is to just mandate owner as non-null on the server-side 
irrespective of the authentication mechanism.

Re tests, the thing is we aren't sure if both the simple and DT auth are 
working or not after this patch, unless we test manually. Can you file a tests' 
JIRA immediately and link to this one?

Can we rename the configs to be 
yarn.timeline-service.http-authentication.simple.anonymous.allowed and 
yarn.timeline-service.http-authentication.type?

> TimelineServer should load pseudo authentication filter when authentication = 
> simple
> ------------------------------------------------------------------------------------
>
>                 Key: YARN-2228
>                 URL: https://issues.apache.org/jira/browse/YARN-2228
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2228.1.patch, YARN-2228.2.patch, YARN-2228.3.patch, 
> YARN-2228.4.patch
>
>
> When kerberos authentication is not enabled, we should let the timeline 
> server work with pseudo authentication filter. In this way, the server is 
> able to detect the request user by checking "user.name".
> On the other hand, timeline client should append "user.name" in un-secure 
> case as well, such that ACLs can keep working in this case. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)
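
The rule proposed in the comment above, sketched as an added example (not code from the YARN-2228 patches or from Hadoop): reads may be anonymous when the setting allows it, while a POST without an owner is rejected whatever the authentication type. The class, method and enum names are hypothetical, and the sample requests are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

// Illustrative model, not Hadoop code: all names here are assumptions.
public class OwnerCheckExample {

    enum Decision { ALLOW, REJECT_NO_OWNER, REJECT_ANONYMOUS }

    // Extract "user.name" from a raw query string, the way pseudo (simple) auth identifies the caller.
    static String userFromQuery(String query) {
        if (query == null) {
            return null;
        }
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals("user.name")) {
                String value = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8).trim();
                return value.isEmpty() ? null : value; // a blank name counts as anonymous
            }
        }
        return null;
    }

    static Decision decide(String method, String query, boolean anonymousAllowed) {
        String owner = userFromQuery(query);
        if (owner != null) {
            return Decision.ALLOW; // identified caller: ACL checks run against this owner
        }
        if ("POST".equalsIgnoreCase(method)) {
            return Decision.REJECT_NO_OWNER; // writes need a non-null owner regardless of auth type
        }
        return anonymousAllowed ? Decision.ALLOW : Decision.REJECT_ANONYMOUS; // reads follow the setting
    }

    public static void main(String[] args) {
        // Constructed sample requests: {method, query string}.
        String[][] requests = {
            {"GET", null}, {"GET", "user.name=alice"},
            {"POST", null}, {"POST", "user.name="}, {"POST", "user.name=alice"},
        };
        for (boolean anonymousAllowed : new boolean[] {true, false}) {
            for (String[] r : requests) {
                System.out.printf("anonymous.allowed=%-5b %-4s %-16s -> %s%n",
                        anonymousAllowed, r[0], String.valueOf(r[1]), decide(r[0], r[1], anonymousAllowed));
            }
        }
    }
}
```

With anonymous access allowed, the two owner-less POST requests are still rejected, which is the case a server-side check has to cover when the filter itself lets the request through.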
