You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mapreduce-issues@hadoop.apache.org by "Alejandro Abdelnur (JIRA)" <ji...@apache.org> on 2012/09/19 20:26:07 UTC

[jira] [Created] (MAPREDUCE-4669) MRAM web UI over HTTPS does not work with Kerberos security enabled

Alejandro Abdelnur created MAPREDUCE-4669:
---------------------------------------------

             Summary: MRAM web UI over HTTPS does not work with Kerberos security enabled
                 Key: MAPREDUCE-4669
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4669
             Project: Hadoop Map/Reduce
          Issue Type: Bug
          Components: mr-am
    Affects Versions: 2.0.3-alpha
            Reporter: Alejandro Abdelnur
            Assignee: Alejandro Abdelnur


With Kerberos enable, the MRAM runs as the user that submitted the job, thus the MRAM process cannot read the cluster keystore files to get the certificates to start its HttpServer using HTTPS.

We need to decouple the keystore used by RM/NM/NN/DN (which are cluster provided) from the keystore used by AMs (which ought to be user provided).


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (MAPREDUCE-4669) MRAM web UI over HTTPS does not work with Kerberos security enabled

Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458927#comment-13458927 ] 

Alejandro Abdelnur commented on MAPREDUCE-4669:
-----------------------------------------------

An approach would be do get the user to provide the keystore for its AM via distributed cached.
                
> MRAM web UI over HTTPS does not work with Kerberos security enabled
> -------------------------------------------------------------------
>
>                 Key: MAPREDUCE-4669
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4669
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: mr-am
>    Affects Versions: 2.0.3-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>
> With Kerberos enable, the MRAM runs as the user that submitted the job, thus the MRAM process cannot read the cluster keystore files to get the certificates to start its HttpServer using HTTPS.
> We need to decouple the keystore used by RM/NM/NN/DN (which are cluster provided) from the keystore used by AMs (which ought to be user provided).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira