Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Duplicate
-
None
-
None
-
None
-
None
Description
In a secured cluster with UI unsecured which has following config
"hadoop.http.authentication.simple.anonymous.allowed" => "true" "hadoop.http.authentication.type" => kerberos
UI can be accessed without any security setting.
Also any user can kill other user's applications via UI
Attachments
Issue Links
- duplicates
-
YARN-6890 If UI is not secured, we allow user to kill other users' job even yarn cluster is secured.
- Resolved