Bibin A Chundatt commented on YARN-4126:

HI [~jianhe]/[~Naganarasimha]

Seems like check is wrong in {{isAllowedDelegationTokenOp}}
    if (UserGroupInformation.isSecurityEnabled()) {
      return EnumSet.of(AuthenticationMethod.KERBEROS,
    } else {
      return true;

Else case should have returned false rt?

> RM should not issue delegation tokens in unsecure mode
> ------------------------------------------------------
>                 Key: YARN-4126
>                 URL: https://issues.apache.org/jira/browse/YARN-4126
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Jian He
> ClientRMService#getDelegationToken is currently  returning a delegation token 
> in insecure mode. We should not return the token if it's in insecure mode. 

This message was sent by Atlassian JIRA

Reply via email to