[
https://issues.apache.org/jira/browse/YARN-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhijie Shen updated YARN-2049:
------------------------------
Attachment: YARN-2049.2.patch
Fix a bug in the previous patch:
When creating the delegation token, we shouldn't use the current user to server
as the owner of the DT, because the current user is going to be the user of the
timeline server.
On the other side, we also cannot use the remote user from
AuthenticationFilter, because before passing AuthenticationFilter, the user is
still not logged in, and the remote user from HttpServletRequest is going to be
"dr.who" by default, given static user filter is applied before.
The right way is get the user name from authentication token, because at this
point the kerberos authentication is passed, and authentication token's user
name is actually the client kerberos principle, which is the right one we want
to use.
> Delegation token stuff for the timeline sever
> ---------------------------------------------
>
> Key: YARN-2049
> URL: https://issues.apache.org/jira/browse/YARN-2049
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Zhijie Shen
> Assignee: Zhijie Shen
> Attachments: YARN-2049.1.patch, YARN-2049.2.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
