[
https://issues.apache.org/jira/browse/YARN-6669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259736#comment-16259736
]
Jian He commented on YARN-6669:
-------------------------------
I also tested above changes in a secure cluster
> Support security for YARN service framework
> -------------------------------------------
>
> Key: YARN-6669
> URL: https://issues.apache.org/jira/browse/YARN-6669
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Jian He
> Assignee: Jian He
> Attachments: YARN-6669.01.patch,
> YARN-6669.yarn-native-services.01.patch,
> YARN-6669.yarn-native-services.03.patch,
> YARN-6669.yarn-native-services.04.patch,
> YARN-6669.yarn-native-services.05.patch
>
>
> Changes include:
> - Make registry client to programmatically generate the jaas conf for secure
> access ZK quorum
> - Create a KerberosPrincipal resource object in REST API for user to supply
> keberos keytab and principal
> - User has two ways to configure:
> -- If keytab starts with "hdfs://", the keytab will be localized by YARN
> -- If keytab starts with "file://", it is assumed that the keytab are
> available on the localhost.
> - AM will use the keytab to log in
> - ServiceClient is changed to ask hdfs delegation token when submitting the
> service
> - AM code will use the tokens when launching containers
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
