[ https://issues.apache.org/jira/browse/YARN-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Zhijie Shen updated YARN-2049: ------------------------------ Attachment: YARN-2049.2.patch Fix a bug in the previous patch: When creating the delegation token, we shouldn't use the current user to server as the owner of the DT, because the current user is going to be the user of the timeline server. On the other side, we also cannot use the remote user from AuthenticationFilter, because before passing AuthenticationFilter, the user is still not logged in, and the remote user from HttpServletRequest is going to be "dr.who" by default, given static user filter is applied before. The right way is get the user name from authentication token, because at this point the kerberos authentication is passed, and authentication token's user name is actually the client kerberos principle, which is the right one we want to use. > Delegation token stuff for the timeline sever > --------------------------------------------- > > Key: YARN-2049 > URL: https://issues.apache.org/jira/browse/YARN-2049 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Attachments: YARN-2049.1.patch, YARN-2049.2.patch > > -- This message was sent by Atlassian JIRA (v6.2#6252)