You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Karthik Kambatla (JIRA)" <ji...@apache.org> on 2014/01/15 23:10:23 UTC

[jira] [Updated] (YARN-1573) ZK store should pick a private password for root-node-acls

     [ https://issues.apache.org/jira/browse/YARN-1573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karthik Kambatla updated YARN-1573:
-----------------------------------

    Attachment: yarn-1573-1.patch

Trivial patch that uses a random number instead of cluster-timestamp. Even though it is unlikely, it is okay for the random numbers generated to be same as the usernames are different. We only care about a malicious user not being able to guess the password. Further, users can set their own ACLs for the root node for even better security. 

> ZK store should pick a private password for root-node-acls
> ----------------------------------------------------------
>
>                 Key: YARN-1573
>                 URL: https://issues.apache.org/jira/browse/YARN-1573
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: resourcemanager
>    Affects Versions: 2.4.0
>            Reporter: Karthik Kambatla
>            Assignee: Karthik Kambatla
>         Attachments: yarn-1573-1.patch
>
>
> Currently, when HA is enabled, ZK store uses cluster-timestamp as the password for root node ACLs to give the Active RM exclusive access to the store. A more private value like a random number might be better. 



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)