[ https://issues.apache.org/jira/browse/YARN-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14602308#comment-14602308 ]

Allen Wittenauer commented on YARN-3855:
----------------------------------------

bq. we do see some use cases that people want their cluster secure but not the web UI.

Just because people want it, doesn't mean it's a valid configuration. By enabling insecure browsing on the YARN UI on a secure cluster with ACL management setup, you've essentially opened up a security hole.

bq. which is what ATS is currently doing.

Then ATS also has a security hole.

> If acl is enabled and http.authentication.type is simple, user cannot view the app page in default setup
> --------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-3855
>                 URL: https://issues.apache.org/jira/browse/YARN-3855
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Jian He
>            Assignee: Jian He
>         Attachments: YARN-3855.1.patch
>
>
> If all ACLs (admin acl, queue-admin-acls etc.) are set up properly and
> "http.authentication.type" is 'simple' in secure mode, user cannot view the
> application web page in default setup because the incoming user is always
> considered as "dr.who". User also cannot pass "user.name" to indicate the
> incoming user name, because AuthenticationFilterInitializer is not enabled by
> default. This is inconvenient from user's perspective.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)