Posted to yarn-issues@hadoop.apache.org by "Sevada Abraamyan (JIRA)" <ji...@apache.org> on 2014/11/29 02:30:12 UTC

[jira] [Created] (YARN-2911) Issues with GetApplications request in secure cluster

Sevada Abraamyan created YARN-2911:
--------------------------------------

             Summary: Issues with GetApplications request in secure cluster
                 Key: YARN-2911
                 URL: https://issues.apache.org/jira/browse/YARN-2911
             Project: Hadoop YARN
          Issue Type: Bug
          Components: resourcemanager
            Reporter: Sevada Abraamyan
            Assignee: Sevada Abraamyan


Both problems arise from the fact that the RM stores the short username of the app submitter. 

1) When the {{GetApplicationsRequest}} contains an {{ApplicationsRequestScope.OWN}} filter, i.e. it wants to filter out all apps not owned by the user, the RM attempts to match the full username of the GetApplications requester against the stored short username to determine if the requester is the owner of the app. In a secure cluster this can fail as the two are not always equivalent.

2) The {{GetApplicationsRequest}} can be used to filter the set of apps returned to be only those which were submitted/owned by a set of users. Once again there is a mismatch here between short/full usernames. Since the client specifies the set of users, theoretically they can pass in a set of short usernames, which would make this feature work in a secure cluster. However, it is not expected that a client will have the correct {{hadoop.security.auth_to_local}} configuration and therefore they cannot always be expected to get the correct short usernames.
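
The two mismatches described above, as an added illustration that is not part of the original report and is neither YARN code nor the fix adopted for this issue. The `App` record, the principals, and `toShortName` (a simplified stand-in for the {{hadoop.security.auth_to_local}} rules) are constructed assumptions.

```java
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

// Requires Java 16+ (records). All names and data here are constructed.
public class OwnScopeFilterDemo {
    // The RM keeps only the short name of the submitter.
    record App(String id, String shortUser) {}

    // Hypothetical, simplified stand-in for auth_to_local: explicit
    // per-principal overrides first, otherwise strip "/host" and "@REALM".
    static String toShortName(String principal, Map<String, String> rules) {
        String mapped = rules.get(principal);
        if (mapped != null) return mapped;
        int cut = principal.length();
        int slash = principal.indexOf('/');
        int at = principal.indexOf('@');
        if (slash >= 0) cut = Math.min(cut, slash);
        if (at >= 0) cut = Math.min(cut, at);
        return principal.substring(0, cut);
    }

    // Problem 1 as described: the name is compared as given to the stored short name.
    static List<String> appsOwnedBy(List<App> apps, String name) {
        return apps.stream().filter(a -> a.shortUser().equals(name))
                   .map(App::id).collect(Collectors.toList());
    }

    // Same comparison after mapping the requester with the server's own rules.
    static List<String> appsOwnedByNormalized(List<App> apps, String principal,
                                              Map<String, String> serverRules) {
        return appsOwnedBy(apps, toShortName(principal, serverRules));
    }

    public static void main(String[] args) {
        Map<String, String> serverRules =
            Map.of("etl/gw1.example.com@EXAMPLE.COM", "svc_etl");
        List<App> apps = List.of(new App("app_1", "alice"),
                                 new App("app_2", "svc_etl"),
                                 new App("app_3", "bob"));
        for (String who : List.of("alice@EXAMPLE.COM", "etl/gw1.example.com@EXAMPLE.COM")) {
            System.out.println(who + " raw=" + appsOwnedBy(apps, who)
                + " normalized=" + appsOwnedByNormalized(apps, who, serverRules));
        }
        // Problem 2: a client without the server's rules derives "etl",
        // which matches no stored short name.
        String guess = toShortName("etl/gw1.example.com@EXAMPLE.COM", Map.of());
        System.out.println("client guess=" + guess + " -> " + appsOwnedBy(apps, guess));
    }
}
```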


