You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2019/03/13 23:08:00 UTC

[jira] [Updated] (YARN-9385) YARN Services with simple authentication doesn't respect current UGI

     [ https://issues.apache.org/jira/browse/YARN-9385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Yang updated YARN-9385:
----------------------------
    Attachment: YARN-9385.001.patch

> YARN Services with simple authentication doesn't respect current UGI
> --------------------------------------------------------------------
>
>                 Key: YARN-9385
>                 URL: https://issues.apache.org/jira/browse/YARN-9385
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: security, yarn-native-services
>            Reporter: Todd Lipcon
>            Priority: Major
>         Attachments: YARN-9385.001.patch
>
>
> The ApiServiceClient implementation appends the current username to the request URL for "simple" authentication. However, that username is derived from the 'user.name' system property instead of the current UGI. That means that username spoofing via the 'HADOOP_USER_NAME' variable doesn't take effect for HTTP-based calls in the same manner that it does for RPC-based calls.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org