[
https://issues.apache.org/jira/browse/YARN-1841?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13937933#comment-13937933
]
Daryn Sharp commented on YARN-1841:
-----------------------------------
The reason the custom AM in the related user@hadoop thread is failing is likely
because it's coded incorrectly. I suspect the RM supplied tokens were not
added to the AM's ugi.
In general, tokens are just a lightweight alternate authentication method that
removes the need for hard authentication, ex. kerberos, which a task cannot do.
Tokens within yarn are used to encode app/task identity and other information.
Note that the identity is not the job's user identity so tokens cannot be
disabled.
This jira should be marked invalid if Vinod agrees.
> YARN ignores/overrides explicit security settings
> -------------------------------------------------
>
> Key: YARN-1841
> URL: https://issues.apache.org/jira/browse/YARN-1841
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.3.0
> Reporter: Oleg Zhurakousky
>
> core-site.xml explicitly sets authentication as SIMPLE
> {code}
> <property>
> <name>hadoop.security.authentication</name>
> <value>simple</value>
> <description>Simple authentication</description>
> </property>
> {code}
> However any attempt to register ApplicationMaster on the remote YARN cluster
> results in
> {code}
> org.apache.hadoop.security.AccessControlException: SIMPLE authentication is
> not enabled. Available:[TOKEN]
> . . .
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
