[ https://issues.apache.org/jira/browse/YARN-9385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16793902#comment-16793902 ]
Todd Lipcon commented on YARN-9385: ----------------------------------- +1, lgtm, thanks Eric > YARN Services with simple authentication doesn't respect current UGI > -------------------------------------------------------------------- > > Key: YARN-9385 > URL: https://issues.apache.org/jira/browse/YARN-9385 > Project: Hadoop YARN > Issue Type: Improvement > Components: security, yarn-native-services > Reporter: Todd Lipcon > Assignee: Eric Yang > Priority: Major > Attachments: YARN-9385.001.patch, YARN-9385.002.patch, > YARN-9385.003.patch, YARN-9385.004.patch, YARN-9385.005.patch > > > The ApiServiceClient implementation appends the current username to the > request URL for "simple" authentication. However, that username is derived > from the 'user.name' system property instead of the current UGI. That means > that username spoofing via the 'HADOOP_USER_NAME' variable doesn't take > effect for HTTP-based calls in the same manner that it does for RPC-based > calls. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org