What YARN apps need to do for security today is generally copied directly from distributed shell, with a bit of ill-informed superstition being the sole prose.
We need a normative document in the YARN site covering:
- the needs for YARN security
- token creation for AM launch
- how the RM gets involved
- token propagation on container launch
- token renewal strategies
- how to get tokens for other apps like HBase and Hive
- how to work under Oozie
Perhaps the WritingYarnApplications.md doc is updated; otherwise, why not just link to the relevant bit of the distributed shell client on GitHub for a guarantee of staying up to date?