Posted to yarn-issues@hadoop.apache.org by "Daryn Sharp (JIRA)" <ji...@apache.org> on 2013/05/01 15:34:17 UTC

[jira] [Commented] (YARN-617) In unsercure mode, AM can fake resource requirements

    [ https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13646572#comment-13646572 ] 

Daryn Sharp commented on YARN-617:
----------------------------------

bq. we are trying to change the auth to use AMTokens and authorization will continue to be via ContainerTokens

I may have misinterpreted the other jira...  I thought the goal is to continue to auth container launches with a container token, but change status and stop to authenticate with the am token?  Are you saying the goal is to auth container launches with the am token too?

{quote}bq. A RPC server also enables SASL DIGEST-MD5 if a secret manager is active.{quote}
bq. Off topic, but this is what I guessed is the reason underlying YARN-626, do you know when this got merged into branch-2?

The SASL changes HADOOP-8783/HADOOP-8784 went in Oct 3-4 2012.  The change allowed servers to accept tokens regardless of security setting if a secret manager is present, and for clients to always use a token if present regardless of security setting.  This didn't change behavior for a secure cluster, so YARN-626 can't be related because security is enabled and the AM is lacking a token for the RM in its UGI.


                
> In unsercure mode, AM can fake resource requirements 
> -----------------------------------------------------
>
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Minor
>
> Without security, it is impossible to completely avoid AMs faking resources. We can at the least make it as difficult as possible by using the same container tokens and the RM-NM shared key mechanism over unauthenticated RM-NM channel.
> In the minimum, this will avoid accidental bugs in AMs in unsecure mode.

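Added example, not part of the original message and not Hadoop's own code: the mitigation from the issue description, where the RM binds the granted resources to a container token with a key it shares with the NM, and the NM rejects a launch whose request does not match the token. The field names, the JSON encoding, HMAC-SHA256 and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time


def _mac(shared_key: bytes, ident: dict) -> str:
    # Canonical encoding so RM and NM compute the MAC over identical bytes.
    payload = json.dumps(ident, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(shared_key, payload, hashlib.sha256).hexdigest()


def issue_container_token(shared_key, container_id, nm_host,
                          memory_mb, vcores, ttl_s=600, now=None):
    """RM side: record what was actually granted and MAC it."""
    now = time.time() if now is None else now
    ident = {"container_id": container_id, "nm_host": nm_host,
             "memory_mb": memory_mb, "vcores": vcores,
             "expires": int(now) + ttl_s}
    return {"ident": ident, "mac": _mac(shared_key, ident)}


def nm_check_launch(shared_key, nm_host, token, requested, now=None):
    """NM side: return (ok, reason) for a launch request from an AM."""
    now = time.time() if now is None else now
    ident = token.get("ident", {})
    mac = str(token.get("mac", ""))
    # The AM never sees shared_key, so any edit to ident breaks the MAC.
    if not hmac.compare_digest(_mac(shared_key, ident).encode(), mac.encode()):
        return False, "bad-mac"
    if ident["nm_host"] != nm_host:
        return False, "wrong-node"
    if now >= ident["expires"]:
        return False, "expired"
    granted = {"memory_mb": ident["memory_mb"], "vcores": ident["vcores"]}
    if requested != granted:
        return False, "resource-mismatch"
    return True, "ok"


# Constructed sample values, for illustration only.
KEY = b"constructed-rm-nm-shared-key"
TOKEN = issue_container_token(KEY, "container_01", "nm1:8041", 1024, 1, now=1000)
```

As the issue description says, this only raises the bar on an unauthenticated RM-NM channel: the check is as strong as the secrecy of the shared key.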