In 0.20.xxx, the JobClient while polling goes to JT to get the job status. With YARN, AM can be launched on any port and the client will have to have ACL open to that port to talk to AM and get the job status. When the client is within the same grid network access to AM is not a problem. But some applications may have one installation per set of clusters and may launch jobs even across such sets (on job trackers in another set of clusters). For that to work only the JT port needs to be open currently. In case of YARN, all ports will have to be opened up for things to work. That would be a security no-no.
There are two possible solutions:
1) Make the job client only talk to RM (as an option) to get the job status.
2) Limit the range of ports AM can listen on.
Option 2) may not be favorable as there is no direct OS API to find a free port.