This environment variable exists - JOB_TOKEN_FILE. In this jira, we should read the contents of the file via TokenCache's APIs and load the tokens in the UGI (similar to the way job-token is loaded in Child.java). In the JobInProgress, the tokens already exist in memory and it should be easy to add it to the ugi used for copying the jobconf file from the hdfs. In the tasktracker, ditto (for localizing the job's files).
For tasks (and for other processes like an MR Streaming app running a hdfs command from within the tasks), if we have a static block in the UGI to look for the env variable, and load the token cache using the TokenCache's APIs, it should work. Also, when the env var is defined, we should use simple authentication for login.