[ https://issues.apache.org/jira/browse/YARN-617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13642403#comment-13642403 ]

Vinod Kumar Vavilapalli commented on YARN-617:
----------------------------------------------

Like I mentioned in the description, we can do this by adding ContainerTokens 
to the payload and still using the same ContainerTokens for authentication. We 
don't want to remove the authentication altogether as we need mutual 
authentication (AMs need to be sure they are talking to valid NMs). So,
 - in unsecure mode, RM and NMs share the container-master-key, use it to 
validate the ContainerTokens from the payload
 - in secure mode, RM and NMs continue to share the container-master-key, use 
it to validate the ContainerTokens from the payload. On top of that, 
ContainerTokens will be used to authenticate the connection.
                
> In unsecure mode, AM can fake resource requirements
> -----------------------------------------------------
>
>                 Key: YARN-617
>                 URL: https://issues.apache.org/jira/browse/YARN-617
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Minor
>
> Without security, it is impossible to completely avoid AMs faking resources. 
> We can at the least make it as difficult as possible by using the same 
> container tokens and the RM-NM shared key mechanism over unauthenticated 
> RM-NM channel.
> At a minimum, this will avoid accidental bugs in AMs in unsecure mode.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
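
The payload check described in the comment above, as a simplified model added here (not Hadoop's code and not part of the original message): the RM signs the granted resources with the shared container-master-key, and the NM recomputes the MAC over the token carried in the launch request. The field names, JSON encoding, HMAC-SHA256 and the key value are assumptions made for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed key for the example; in the scheme above the RM and NMs share it.
CONTAINER_MASTER_KEY = b"constructed-example-master-key"


def rm_issue_token(key, container_id, nm_host, memory_mb, vcores, ttl_s=600, now=None):
    """RM side: bind the granted resources to the container and sign them."""
    now = time.time() if now is None else now
    ident = {"container_id": container_id, "nm_host": nm_host,
             "memory_mb": memory_mb, "vcores": vcores, "expiry": int(now + ttl_s)}
    blob = json.dumps(ident, sort_keys=True).encode()
    mac = hmac.new(key, blob, hashlib.sha256).hexdigest()
    return {"identifier": blob.decode(), "mac": mac}


def nm_validate_launch(key, nm_host, request, now=None):
    """NM side: accept a launch request only if its token verifies and matches."""
    now = time.time() if now is None else now
    token = request["token"]
    blob = token["identifier"].encode()
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["mac"]):
        return False, "bad token signature"
    ident = json.loads(blob)
    if ident["nm_host"] != nm_host:
        return False, "token issued for a different NM"
    if ident["expiry"] < now:
        return False, "token expired"
    for field in ("container_id", "memory_mb", "vcores"):
        if request[field] != ident[field]:
            return False, f"{field} does not match token"
    return True, "ok"


def demo():
    """Constructed requests: honest, inflated memory, and an edited token."""
    token = rm_issue_token(CONTAINER_MASTER_KEY, "container_01", "nm1:8041", 1024, 1, now=1000)
    honest = {"container_id": "container_01", "memory_mb": 1024, "vcores": 1, "token": token}
    inflated = dict(honest, memory_mb=8192)  # AM asks for more than the RM granted
    forged_ident = token["identifier"].replace("1024", "8192")
    forged = dict(inflated, token={"identifier": forged_ident, "mac": token["mac"]})
    return [nm_validate_launch(CONTAINER_MASTER_KEY, "nm1:8041", r, now=1001)
            for r in (honest, inflated, forged)]
```

The same check runs in both modes described above; secure mode additionally uses the token to authenticate the connection, which this model does not cover.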