[YARN-2798] YarnClient doesn't need to translate Kerberos name of timeline DT renewer - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.0
Component/s: timelineserver
Labels:
None

Target Version/s:

2.6.0
Hadoop Flags:

Reviewed

Description

Now YarnClient will automatically get a timeline DT when submitting an app in a secure mode. It will try to parse the yarn-site.xml/core-site.xml to get the RM daemon operating system user. However, the RM principal and auth_to_local may not be properly presented to the client, and the client cannot translate the principal to the daemon user properly. On the other hand, AbstractDelegationTokenIdentifier will do this translation when create the token. However, since the client has already translated the full principal into a short user name (which may not be correct), the server can no longer apply the translation any more, where RM principal and auth_to_local are always correct.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-2798.1.patch
02/Nov/14 23:12
6 kB
Zhijie Shen
YARN-2798.2.patch
03/Nov/14 03:07
7 kB
Zhijie Shen

Activity

People

Assignee:: Zhijie Shen

Reporter:: Arpit Gupta

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 02/Nov/14 20:14

Updated:: 01/Dec/14 03:11

Resolved:: 03/Nov/14 20:52