[
https://issues.apache.org/jira/browse/YARN-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14602341#comment-14602341
]
Jian He edited comment on YARN-3855 at 6/26/15 4:35 AM:
--------------------------------------------------------
I believe what you suggested is a general good practice to setup secure
cluster. Btw, the patch did not enable/enforce any of this. People can config
whatever they want for the http authentication regardless how the rest
components are setup before this jira. The point of this jira is to prevent
this scenario that user cannot view any application (even for its own
application) in whatever way unless the daemon is restarted.
was (Author: jianhe):
I believe what you suggested is a general good practice to setup secure
cluster. Btw, the patch did not enable/enforce any of this. People can config
whatever they want for the http authentication regardless how the rest
components are setup before this jira. The point of this jira is to prevent
this scenario that user cannot view the applications in whatever way unless the
daemon is restarted.
> If acl is enabled and http.authentication.type is simple, user cannot view
> the app page in default setup
> --------------------------------------------------------------------------------------------------------
>
> Key: YARN-3855
> URL: https://issues.apache.org/jira/browse/YARN-3855
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Jian He
> Assignee: Jian He
> Attachments: YARN-3855.1.patch, YARN-3855.2.patch
>
>
> If all ACLs (admin acl, queue-admin-acls etc.) are setup properly and
> "http.authentication.type" is 'simple' in secure mode , user cannot view the
> application web page in default setup because the incoming user is always
> considered as "dr.who" . User also cannot pass "user.name" to indicate the
> incoming user name, because AuthenticationFilterInitializer is not enabled by
> default. This is inconvenient from user's perspective.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
