You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Kuhu Shukla (JIRA)" <ji...@apache.org> on 2016/07/07 14:28:11 UTC

[jira] [Commented] (YARN-5173) Enable Token Support for AHSClient

    [ https://issues.apache.org/jira/browse/YARN-5173?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366190#comment-15366190 ] 

Kuhu Shukla commented on YARN-5173:
-----------------------------------

Since Timeline Server and AHS are in the same process and the secretManager for AHS is of the type {{TimelineDelegationTokenSecretManager}}, should the token from timeline be reused by AHSClient instead of a new token of the same type? Can we authenticate AHS port with the Timeline token? Requesting [~zjshen], [~jianhe] for some comments and insight. Thanks a lot!

> Enable Token Support for AHSClient
> ----------------------------------
>
>                 Key: YARN-5173
>                 URL: https://issues.apache.org/jira/browse/YARN-5173
>             Project: Hadoop YARN
>          Issue Type: Bug
>    Affects Versions: 2.7.2
>            Reporter: Kuhu Shukla
>            Assignee: Kuhu Shukla
>
> In a scenario where the YarnClient can't find an application during the getApplicationReport method call, it falls over to the AHS method(s) via RPC, which throws an AccessControlException as token support for AHS is disabled.
> {code}
> java.io.IOException: Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TYPE_OF_AUTH]; Host Details : local host is: "1.2.3.4"; destination host is: "ahs-address:ahs-port;
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org