You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mapreduce-issues@hadoop.apache.org by "Alejandro Abdelnur (JIRA)" <ji...@apache.org> on 2012/09/19 20:28:07 UTC

[jira] [Commented] (MAPREDUCE-4669) MRAM web UI over HTTPS does not work with Kerberos security enabled

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458927#comment-13458927 ] 

Alejandro Abdelnur commented on MAPREDUCE-4669:
-----------------------------------------------

An approach would be do get the user to provide the keystore for its AM via distributed cached.
                
> MRAM web UI over HTTPS does not work with Kerberos security enabled
> -------------------------------------------------------------------
>
>                 Key: MAPREDUCE-4669
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4669
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: mr-am
>    Affects Versions: 2.0.3-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>
> With Kerberos enable, the MRAM runs as the user that submitted the job, thus the MRAM process cannot read the cluster keystore files to get the certificates to start its HttpServer using HTTPS.
> We need to decouple the keystore used by RM/NM/NN/DN (which are cluster provided) from the keystore used by AMs (which ought to be user provided).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira