[
https://issues.apache.org/jira/browse/SLIDER-742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14269361#comment-14269361
]
Jonathan Maron commented on SLIDER-742:
---------------------------------------
I think you may be confusing some concepts. The Slider AM does not rely on
tokens due to the fact that tokens expire after 7 days. Given the need to
support long running applications the AM actually requires access to a keytab
in order to establish a kerberos authenticated identity. That identity is
leveraged to interact with HDFS etc to obtain tokens that are then used for the
container launch contexts of spawned application containers. The mechanism is
explained in detail here:
http://slider.incubator.apache.org/docs/security.html, under the "The Keytab
distribution/access Options" heading.
> Slider AM secure configuration
> ------------------------------
>
> Key: SLIDER-742
> URL: https://issues.apache.org/jira/browse/SLIDER-742
> Project: Slider
> Issue Type: Bug
> Components: appmaster
> Affects Versions: Slider 0.60
> Environment: Secured Hadoop
> Reporter: Yang Hao
>
> Running in secured Hadoop cluster, when I don't set secured-related
> configuration for SliderAM, an error is out:
> "hdfs://lgtst-xiaomi/user/h_yanghao3/.slider/cluster/hbase1/keytabs': No
> such file or directory".
> For that the token has been sent to SliderAM working dir as file
> container_tokens, can we use this, just like what MapReduceAM does?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
