[
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15834671#comment-15834671
]
Jason Lowe commented on YARN-3053:
----------------------------------
bq. Tokens will be renewed by YARN i.e. by collector manager at each NM if the
collector is active and token is about to expire.
That covers renewing of the token but not the rolling of the token. They're
different concepts. Tokens typically have an normal expiration (e.g.: a few
hours to a day) and can be renewed to extend that expiration, however they can
only be renewed so long (e.g.: for a few days) before they will ultimately
expire despite trying to be renewed. Failure to do this means the token is
almost as good as a keytab -- if stolen by an attacker then it is good for the
lifetime of the app even if the app runs for years. Rolling of the token means
the token bits are regenerated and redistributed, meaning an attacker must
steal the token _again_ in order to keep the system compromised. Essentially
token rolling is limiting the duration of exposure for a one-time theft of the
token.
bq. The only thing which changes for unmanaged AMs' is that YARN won't launch
an AM container for them. So an app based collector would be launched for them
as well.
How is this app collector launched? The unmanaged AM doesn't necessarily run
on any node within the cluster, so does YARN pick an arbitrary node in the
cluster to host the collector? If the collector ever becomes a separate
container then this could be problematic if the cluster is completely full
(i.e.: no room to launch a collector).
> [Security] Review and implement authentication in ATS v.2
> ---------------------------------------------------------
>
> Key: YARN-3053
> URL: https://issues.apache.org/jira/browse/YARN-3053
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Varun Saxena
> Labels: YARN-5355, yarn-5355-merge-blocker
> Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and
> any other relevant security aspects.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
