[jira] [Commented] (YARN-3053) [Security] Review and implement security in ATS v.2

Tue, 15 Nov 2016 11:42:13 -0800 

    [ 
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15668066#comment-15668066
 ] 

Sangjin Lee commented on YARN-3053:
-----------------------------------

{quote}
A real challenge is to provide a general approach to authenticate the timeline 
collectors. Right now we ran the collectors within the NM, so kerberos login is 
not an issue. However, we also plan to run collectors in separate processes, or 
even in containers. For collectors running in a separate process then the NM, 
it's fine to run the collector manager process as YARN and perform a kerberos 
login. However, if we'd like to run the collectors in separate containers, the 
containers may probably under the user's name (to better tracking it's resource 
usage). In this way, the collector itself needs some sort of authentication? 
Thoughts here?
{quote}

That is a good question. Among the 3 modes of running the timeline collector 
(NM aux service, a daemon or a "system" container, and a special "user" 
container), the first two are probably not very problematic.

Our thought on the third mode isn't complete though. Can we capture that aspect 
as a future work as part of implementing the timeline collector as a full user 
container?

> [Security] Review and implement security in ATS v.2
> ---------------------------------------------------
>
>                 Key: YARN-3053
>                 URL: https://issues.apache.org/jira/browse/YARN-3053
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Assignee: Varun Saxena
>              Labels: YARN-5355
>         Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for 
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and 
> any other relevant security aspects.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to