[ 
https://issues.apache.org/jira/browse/YARN-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13645890#comment-13645890
 ] 

Vinod Kumar Vavilapalli commented on YARN-613:
----------------------------------------------

bq. I assumed that was the implementation. Does a global AM secret degrade the security of YARN by allowing one rogue node to begin fabricating tokens?

NMs are trusted. They are Kerberos authenticated, and we also have the service 
level authorization to enforce only some principals. Is that not enough?

The better argument perhaps is crunching through a lot of AMTokens to figure 
out the key, but we roll over keys every so often to avoid that case.
                
> Create NM proxy per NM instead of per container
> -----------------------------------------------
>
>                 Key: YARN-613
>                 URL: https://issues.apache.org/jira/browse/YARN-613
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Bikas Saha
>            Assignee: Vinod Kumar Vavilapalli
>
> Currently a new NM proxy has to be created per container since the secure 
> authentication is using a containertoken from the container.
