[
https://issues.apache.org/jira/browse/YARN-9385?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16793902#comment-16793902
]
Todd Lipcon commented on YARN-9385:
-----------------------------------
+1, lgtm, thanks Eric
> YARN Services with simple authentication doesn't respect current UGI
> --------------------------------------------------------------------
>
> Key: YARN-9385
> URL: https://issues.apache.org/jira/browse/YARN-9385
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: security, yarn-native-services
> Reporter: Todd Lipcon
> Assignee: Eric Yang
> Priority: Major
> Attachments: YARN-9385.001.patch, YARN-9385.002.patch,
> YARN-9385.003.patch, YARN-9385.004.patch, YARN-9385.005.patch
>
>
> The ApiServiceClient implementation appends the current username to the
> request URL for "simple" authentication. However, that username is derived
> from the 'user.name' system property instead of the current UGI. That means
> that username spoofing via the 'HADOOP_USER_NAME' variable doesn't take
> effect for HTTP-based calls in the same manner that it does for RPC-based
> calls.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
