[jira] [Commented] (YARN-617) In unsercure mode, AM can fake resource requirements

["Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13642403#comment-13642403 ] 

Vinod Kumar Vavilapalli commented on YARN-617:
----------------------------------------------

Like I mentioned in the description, we can do this by adding ContainerTokens to the payload and still using the same ContainerTokens for authentication. We don't want to remove the authentication altogether as we need mutual authentication (AMs need to be sure they are talking to valid NMs). So,
 - in unsecure mode, RM and NMs share the container-master-key, use it to validate the ContainerTokens from the payload
 - in secure mode, RM and NMs continue to share the container-master-key, use it to validate the ContainerTokens from the payload. On top of that, ContainerTokens will be used to authenticate the connection.
                
> In unsercure mode, AM can fake resource requirements 
> -----------------------------------------------------
>
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Minor
>
> Without security, it is impossible to completely avoid AMs faking resources. We can at the least make it as difficult as possible by using the same container tokens and the RM-NM shared key mechanism over unauthenticated RM-NM channel.
> In the minimum, this will avoid accidental bugs in AMs in unsecure mode.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira