[jira] [Commented] (SPARK-8129) Securely pass auth secret to executors in standalone cluster mode

Fri, 05 Jun 2015 15:06:44 -0700 

    [ 
https://issues.apache.org/jira/browse/SPARK-8129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14575323#comment-14575323
 ] 

Apache Spark commented on SPARK-8129:
-------------------------------------

User 'kanzhang' has created a pull request for this issue:
https://github.com/apache/spark/pull/6676

> Securely pass auth secret to executors in standalone cluster mode
> -----------------------------------------------------------------
>
>                 Key: SPARK-8129
>                 URL: https://issues.apache.org/jira/browse/SPARK-8129
>             Project: Spark
>          Issue Type: New Feature
>          Components: Deploy, Spark Core
>            Reporter: Kan Zhang
>            Priority: Critical
>
> Currently, when authentication is turned on, Worker passes auth secret to 
> executors (also drivers in cluster mode) as java options on the command line, 
> which isn't secure. The passed secret can be seen by anyone running 'ps' 
> command, e.g.,
> ```
> ps -ef
> ......
>   501 94787 94734   0  2:32PM ??         0:00.78 
> /Library/Java/JavaVirtualMachines/jdk1.7.0_60.jdk/Contents/Home/jre/bin/java 
> -cp 
> /Users/kan/github/spark/sbin/../conf/:/Users/kan/github/spark/assembly/target/scala-2.10/spark-assembly-1.4.0-SNAPSHOT-hadoop2.3.0.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-api-jdo-3.2.6.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-core-3.2.10.jar:/Users/kan/github/spark/lib_managed/jars/datanucleus-rdbms-3.2.9.jar
>  -Xms512M -Xmx512M 
> -*Dspark.authenticate.secret=090A030E0F0A05010900000A0C0E0C0B03050D05* 
> -Dspark.driver.port=49625 -Dspark.authenticate=true -XX:MaxPermSize=128m 
> org.apache.spark.executor.CoarseGrainedExecutorBackend --driver-url 
> akka.tcp://sparkDriver@192.168.1.152:49625/user/CoarseGrainedScheduler 
> --executor-id 0 --hostname 192.168.1.152 --cores 8 --app-id 
> app-20150605143259-0000 --worker-url 
> akka.tcp://sparkWorker@192.168.1.152:49623/user/Worker
> ``` 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to