[ https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15668066#comment-15668066 ]
Sangjin Lee commented on YARN-3053: ----------------------------------- {quote} A real challenge is to provide a general approach to authenticate the timeline collectors. Right now we ran the collectors within the NM, so kerberos login is not an issue. However, we also plan to run collectors in separate processes, or even in containers. For collectors running in a separate process then the NM, it's fine to run the collector manager process as YARN and perform a kerberos login. However, if we'd like to run the collectors in separate containers, the containers may probably under the user's name (to better tracking it's resource usage). In this way, the collector itself needs some sort of authentication? Thoughts here? {quote} That is a good question. Among the 3 modes of running the timeline collector (NM aux service, a daemon or a "system" container, and a special "user" container), the first two are probably not very problematic. Our thought on the third mode isn't complete though. Can we capture that aspect as a future work as part of implementing the timeline collector as a full user container? > [Security] Review and implement security in ATS v.2 > --------------------------------------------------- > > Key: YARN-3053 > URL: https://issues.apache.org/jira/browse/YARN-3053 > Project: Hadoop YARN > Issue Type: Sub-task > Components: timelineserver > Reporter: Sangjin Lee > Assignee: Varun Saxena > Labels: YARN-5355 > Attachments: ATSv2Authentication(draft).pdf > > > Per design in YARN-2928, we want to evaluate and review the system for > security, and ensure proper security in the system. > This includes proper authentication, token management, access control, and > any other relevant security aspects. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org