[
https://issues.apache.org/jira/browse/YARN-2798?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14194183#comment-14194183
]
Vinod Kumar Vavilapalli commented on YARN-2798:
-----------------------------------------------
Looked at the patch.
I get to say [I told you
so|https://issues.apache.org/jira/browse/YARN-2770?focusedCommentId=14190998&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14190998]
:)
I don't understand why you are using timelineHost to resolve the renewer to be
the ResourceManager.
> YarnClient doesn't need to translate Kerberos name of timeline DT renewer
> -------------------------------------------------------------------------
>
> Key: YARN-2798
> URL: https://issues.apache.org/jira/browse/YARN-2798
> Project: Hadoop YARN
> Issue Type: Bug
> Components: timelineserver
> Reporter: Arpit Gupta
> Assignee: Zhijie Shen
> Priority: Blocker
> Attachments: YARN-2798.1.patch
>
>
> Now YarnClient will automatically get a timeline DT when submitting an app in
> a secure mode. It will try to parse the yarn-site.xml/core-site.xml to get
> the RM daemon operating system user. However, the RM principal and
> auth_to_local may not be properly presented to the client, and the client
> cannot translate the principal to the daemon user properly. On the other
> hand, AbstractDelegationTokenIdentifier will do this translation when create
> the token. However, since the client has already translated the full
> principal into a short user name (which may not be correct), the server can
> no longer apply the translation any more, where RM principal and
> auth_to_local are always correct.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
