You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Daniel Templeton (JIRA)" <ji...@apache.org> on 2016/01/24 16:28:39 UTC
[jira] [Updated] (HADOOP-12732) Replacing _HOST in RM_PRINCIPAL
should not be the responsibility of the client code
[ https://issues.apache.org/jira/browse/HADOOP-12732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Templeton updated HADOOP-12732:
--------------------------------------
Summary: Replacing _HOST in RM_PRINCIPAL should not be the responsibility of the client code (was: Filesystem.addDelegationToken() should automatically replace _HOST)
> Replacing _HOST in RM_PRINCIPAL should not be the responsibility of the client code
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-12732
> URL: https://issues.apache.org/jira/browse/HADOOP-12732
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs
> Affects Versions: 2.7.1
> Reporter: Daniel Templeton
> Assignee: Daniel Templeton
> Priority: Critical
>
> It is currently the client's responsibility to call {{SecurityUtil.getServerPrincipal()}} to replace the _HOST placeholder in any principal name used for a delegation token. This is a non-optional operation and should not be pushed onto the client. As the {{SecurityUtil.getServerPrincipal()}} call is already designed to be both highly efficient and idempotent, I see no reason not to move the call into the {{FileSystem.addDelegationToken()}} call.
> As additional incentive, all client apps that followed the distributed shell as the canonical example failed to do the replacement because distributed shell fails to do the replacement. (See YARN-4629.) Rather than fixing the whole world, let's move the operation into the API where it belongs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)