Varun Vasudev commented on YARN-2397:

Thanks for the feedback [~zjshen]. My thinking is that in secure mode, we 
should replace the AuthenticationFilterInitializer with the 
RMAuthenticationInitializer to add support for authentication using delegation 
tokens. In non-secure mode, the RMAuthenticationFilterInitializer and the 
AuthenticationFilterInitializer are the the same so there's no need for any 

However, in non-secure mode, we should have a default filter in case none is 
specified(so that users can use the rm web services), hence the code block for 
non-secure mode.

> RM web interface sometimes returns request is a replay error in secure mode
> ---------------------------------------------------------------------------
>                 Key: YARN-2397
>                 URL: https://issues.apache.org/jira/browse/YARN-2397
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>            Priority: Critical
>         Attachments: apache-yarn-2397.0.patch, apache-yarn-2397.1.patch
> The RM web interface sometimes returns a request is a replay error if the 
> default kerberos http filter is enabled. This is because it uses the new 
> RMAuthenticationFilter in addition to the AuthenticationFilter. There is a 
> workaround to set 
> "yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled" to false. 
> This bug is to fix the code to use only the RMAuthenticationFilter and not 
> both.

This message was sent by Atlassian JIRA

Reply via email to