Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-9385

YARN Services with simple authentication doesn't respect current UGI

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.0
    • Labels:
      None

      Description

      The ApiServiceClient implementation appends the current username to the request URL for "simple" authentication. However, that username is derived from the 'user.name' system property instead of the current UGI. That means that username spoofing via the 'HADOOP_USER_NAME' variable doesn't take effect for HTTP-based calls in the same manner that it does for RPC-based calls.

        Attachments

        1. YARN-9385.001.patch
          2 kB
          Eric Yang
        2. YARN-9385.002.patch
          3 kB
          Eric Yang
        3. YARN-9385.003.patch
          3 kB
          Eric Yang
        4. YARN-9385.004.patch
          4 kB
          Eric Yang
        5. YARN-9385.005.patch
          3 kB
          Eric Yang

          Activity

            People

            • Assignee:
              eyang Eric Yang
              Reporter:
              tlipcon Todd Lipcon
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: