Jian He commented on YARN-3855:

bq. This is a misconfiguration, plain and simple.
We do see some use cases where people want their cluster secure but not the web 
UI. People do not bother doing kinit before launching the browser. If the cluster 
is set up in this particular way, which is the default, there's no way to browse 
the applications other than restarting the daemon and changing configs, which is 
too inconvenient. Given that the filter is also added in non-secure mode, I 
think it's also fine to add it in secure mode.

> If acl is enabled and http.authentication.type is simple, user cannot view 
> the app page in default setup
> --------------------------------------------------------------------------------------------------------
>                 Key: YARN-3855
>                 URL: https://issues.apache.org/jira/browse/YARN-3855
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Jian He
>            Assignee: Jian He
>         Attachments: YARN-3855.1.patch
> If all ACLs (admin acl, queue-admin-acls etc.) are set up properly and 
> "http.authentication.type" is 'simple' in secure mode, the user cannot view the 
> application web page in the default setup because the incoming user is always 
> considered as "dr.who". The user also cannot pass "user.name" to indicate the 
> incoming user name, because AuthenticationFilterInitializer is not enabled by 
> default. This is inconvenient from the user's perspective.

This message was sent by Atlassian JIRA