Jian He commented on YARN-3855:

Today, RMAuthenticationFilterInitializer is always added in non-secure mode. 
The proposal is to always add RMAuthenticationFilterInitializer too in secure 
mode so that if "http.authentication.type" is 'simple' , user can pass the 
"user.name" to indicate the incoming user name.

> If acl is enabled and http.authentication.type is simple, user cannot view 
> the app page in default setup
> --------------------------------------------------------------------------------------------------------
>                 Key: YARN-3855
>                 URL: https://issues.apache.org/jira/browse/YARN-3855
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Jian He
>            Assignee: Jian He
> If all ACLs (admin acl, queue-admin-acls etc.) are setup properly and 
> "http.authentication.type" is 'simple' in secure mode , user cannot view the 
> application web page in default setup because the incoming user is always 
> considered as "dr.who" and user cannot pass "user.name" to indicate the 
> incoming user name, because AuthenticationFilterInitializer is not enabled by 
> default.

This message was sent by Atlassian JIRA

Reply via email to