[
https://issues.apache.org/jira/browse/YARN-1203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13768620#comment-13768620
]
Omkar Vinit Joshi commented on YARN-1203:
-----------------------------------------
Today if SSL is enabled for RM/NM/NN/DN then it gets enabled even for Map
reduce application master. Potentially there is security problem here
* We can't allow MR users to gain access to keystore file
* Also Certificates issued by MR-AM can not be trusted by end user just like
the one issued by RM/NM.
Also to keystore and truststore only yarn and hdfs users should have access to
(RW-RW---- yarn superuser).
Explicitly disabling SSL for MR AM (hadoop.ssl.enabled=false)
> Need to be able to disable 'hadoop.ssl.enabled' explicitly
> ----------------------------------------------------------
>
> Key: YARN-1203
> URL: https://issues.apache.org/jira/browse/YARN-1203
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Yesha Vora
> Assignee: Omkar Vinit Joshi
>
> Need to add support to disable 'hadoop.ssl.enabled' for MR jobs.
> A job should be able to run on http protocol by setting 'hadoop.ssl.enabled'
> property at job level.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
