[
https://issues.apache.org/jira/browse/YARN-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15838838#comment-15838838
]
Varun Saxena commented on YARN-3053:
------------------------------------
By the way, I think we can still ensure recovery of tokens because we can
provide an API at the client side to get delegation tokens explicitly (for
non-AM / off-app clients in future) if they can do kerberos authentication with
YARN ATS.
Because for such clients we will not have a mechanism to pass the token when
collector/NM restarts.
We can however leave aside storing tokens granted to AMs' and regenerate them
on restart.
> [Security] Review and implement authentication in ATS v.2
> ---------------------------------------------------------
>
> Key: YARN-3053
> URL: https://issues.apache.org/jira/browse/YARN-3053
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Reporter: Sangjin Lee
> Assignee: Varun Saxena
> Labels: YARN-5355, yarn-5355-merge-blocker
> Attachments: ATSv2Authentication(draft).pdf
>
>
> Per design in YARN-2928, we want to evaluate and review the system for
> security, and ensure proper security in the system.
> This includes proper authentication, token management, access control, and
> any other relevant security aspects.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
