[ https://issues.apache.org/jira/browse/YARN-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14097244#comment-14097244 ]
Varun Vasudev commented on YARN-2397: ------------------------------------- Thanks for the feedback [~zjshen]. My thinking is that in secure mode, we should replace the AuthenticationFilterInitializer with the RMAuthenticationInitializer to add support for authentication using delegation tokens. In non-secure mode, the RMAuthenticationFilterInitializer and the AuthenticationFilterInitializer are the the same so there's no need for any replacement. However, in non-secure mode, we should have a default filter in case none is specified(so that users can use the rm web services), hence the code block for non-secure mode. > RM web interface sometimes returns request is a replay error in secure mode > --------------------------------------------------------------------------- > > Key: YARN-2397 > URL: https://issues.apache.org/jira/browse/YARN-2397 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Varun Vasudev > Assignee: Varun Vasudev > Priority: Critical > Attachments: apache-yarn-2397.0.patch, apache-yarn-2397.1.patch > > > The RM web interface sometimes returns a request is a replay error if the > default kerberos http filter is enabled. This is because it uses the new > RMAuthenticationFilter in addition to the AuthenticationFilter. There is a > workaround to set > "yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled" to false. > This bug is to fix the code to use only the RMAuthenticationFilter and not > both. -- This message was sent by Atlassian JIRA (v6.2#6252)