You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-user@hadoop.apache.org by "K. N. Ramachandran" <kn...@gmail.com> on 2016/04/18 16:19:23 UTC

YARN and Kerberos: Client <-> ApplicationMaster RPC

Hello all,

We have a legacy YARN Application code and we were looking at the changes
needed to allow this to run on a Kerberos cluster. The AM (ApplnMaster)
builds an RPC Server and the Client connects to this to get status updates
and program output.

1) Is there an example for this kind of RPC Setup on a Kerberos cluster? We
followed the outline in the TestSaslRPC test (testKerberosRpc function),
but we were wondering if there is a better way?

2) The main issue now is that our changes depend on the user having a
keytab. Following the TestSaslRPC outline, we do a SecurityUtil.login(conf,
(user keytab), (user principal)) when we build the RPC Server (AM side) and
the Client code is able to connect to it.

But ideally the user would have logged in with only a password and that
should be enough. How do we login and build the RPC Server on the AM side
without asking for a password?


Regards,
Ramachandran K.N.
Ph: 814-441-4279