Ravi Prakash commented on YARN-2424:

Hi Tucu! The intention was for this to be a useful thing to do as an 
intermediate step when migrating from an insecure cluster to a Kerberized 
cluster. This would let people test their provisioning of unix users without 
having to deal with Kerberos issues.
Could you please answer my question?
bq. So if we enforced the use of several least privileged users (instead of 
only 1), is that not just as secure?

> LCE should support non-cgroups, non-secure mode
> -----------------------------------------------
>                 Key: YARN-2424
>                 URL: https://issues.apache.org/jira/browse/YARN-2424
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.3.0, 2.4.0, 2.5.0, 2.4.1
>            Reporter: Allen Wittenauer
>            Priority: Blocker
>         Attachments: YARN-2424.patch
> After YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios.  
> This is a fairly serious regression, as turning on LCE prior to turning on 
> full-blown security is a fairly standard procedure.

This message was sent by Atlassian JIRA

Reply via email to