[YARN-9385] YARN Services with simple authentication doesn't respect current UGI - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0
Component/s: security, yarn-native-services
Labels:
None

Description

The ApiServiceClient implementation appends the current username to the request URL for "simple" authentication. However, that username is derived from the 'user.name' system property instead of the current UGI. That means that username spoofing via the 'HADOOP_USER_NAME' variable doesn't take effect for HTTP-based calls in the same manner that it does for RPC-based calls.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-9385.005.patch
14/Mar/19 22:54
3 kB
Eric Yang
YARN-9385.004.patch
14/Mar/19 20:22
4 kB
Eric Yang
YARN-9385.003.patch
14/Mar/19 20:18
3 kB
Eric Yang
YARN-9385.002.patch
14/Mar/19 19:19
3 kB
Eric Yang
YARN-9385.001.patch
13/Mar/19 23:07
2 kB
Eric Yang

Activity

People

Assignee:: Eric Yang

Reporter:: Todd Lipcon

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 13/Mar/19 18:16

Updated:: 18/Mar/19 17:36

Resolved:: 18/Mar/19 17:18