[ https://issues.apache.org/jira/browse/YARN-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14602341#comment-14602341 ]
Jian He edited comment on YARN-3855 at 6/26/15 4:35 AM: -------------------------------------------------------- I believe what you suggested is a general good practice to setup secure cluster. Btw, the patch did not enable/enforce any of this. People can config whatever they want for the http authentication regardless how the rest components are setup before this jira. The point of this jira is to prevent this scenario that user cannot view any application (even for its own application) in whatever way unless the daemon is restarted. was (Author: jianhe): I believe what you suggested is a general good practice to setup secure cluster. Btw, the patch did not enable/enforce any of this. People can config whatever they want for the http authentication regardless how the rest components are setup before this jira. The point of this jira is to prevent this scenario that user cannot view the applications in whatever way unless the daemon is restarted. > If acl is enabled and http.authentication.type is simple, user cannot view > the app page in default setup > -------------------------------------------------------------------------------------------------------- > > Key: YARN-3855 > URL: https://issues.apache.org/jira/browse/YARN-3855 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Jian He > Assignee: Jian He > Attachments: YARN-3855.1.patch, YARN-3855.2.patch > > > If all ACLs (admin acl, queue-admin-acls etc.) are setup properly and > "http.authentication.type" is 'simple' in secure mode , user cannot view the > application web page in default setup because the incoming user is always > considered as "dr.who" . User also cannot pass "user.name" to indicate the > incoming user name, because AuthenticationFilterInitializer is not enabled by > default. This is inconvenient from user's perspective. -- This message was sent by Atlassian JIRA (v6.3.4#6332)