[
https://issues.apache.org/jira/browse/YARN-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13646558#comment-13646558
]
Daryn Sharp commented on YARN-613:
----------------------------------
I just have general concerns with assuming the entire hadoop environment is
trusted and thus introducing weaknesses at a global level . Ex. A weakness is
introduced every time one entity shares a secret to validate a token created by
another entity. Compromising one of hundreds or thousands of node shouldn't
put the entire cluster at risk. If I can gain access to one NM host and its
keytab, I believe I can secretly launch a malicious NM? NMs currently share a
global key container token secrets, but there is a jira to move to per-NM
secrets so sharing a global AM secret would be another step backwards.
Exploring alternate avenues to avoid global trust, is passing the allowed am
token allowed to get status and stop the container with the launch request not
feasible?
> Create NM proxy per NM instead of per container
> -----------------------------------------------
>
> Key: YARN-613
> URL: https://issues.apache.org/jira/browse/YARN-613
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Bikas Saha
> Assignee: Vinod Kumar Vavilapalli
>
> Currently a new NM proxy has to be created per container since the secure
> authentication is using a containertoken from the container.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
