[ https://issues.apache.org/jira/browse/YARN-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14097244#comment-14097244 ]

Varun Vasudev commented on YARN-2397:
-------------------------------------

Thanks for the feedback [~zjshen]. My thinking is that in secure mode, we 
should replace the AuthenticationFilterInitializer with the 
RMAuthenticationInitializer to add support for authentication using delegation 
tokens. In non-secure mode, the RMAuthenticationFilterInitializer and the 
AuthenticationFilterInitializer are the same so there's no need for any 
replacement.

However, in non-secure mode, we should have a default filter in case none is 
specified (so that users can use the RM web services), hence the code block for 
non-secure mode.

> RM web interface sometimes returns request is a replay error in secure mode
> ---------------------------------------------------------------------------
>
>                 Key: YARN-2397
>                 URL: https://issues.apache.org/jira/browse/YARN-2397
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>            Priority: Critical
>         Attachments: apache-yarn-2397.0.patch, apache-yarn-2397.1.patch
>
>
> The RM web interface sometimes returns a request is a replay error if the 
> default Kerberos HTTP filter is enabled. This is because it uses the new 
> RMAuthenticationFilter in addition to the AuthenticationFilter. There is a 
> workaround to set 
> "yarn.resourcemanager.webapp.delegation-token-auth-filter.enabled" to false. 
> This bug is to fix the code to use only the RMAuthenticationFilter and not 
> both.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
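
The selection logic described in the comment above, modelled as an added example (not code from the YARN-2397 patches or from Hadoop). Initializers are matched by simple class name because the thread gives no package names, and DEFAULT_NONSECURE is a hypothetical placeholder for the non-secure default filter, which the thread does not name.

```python
# Illustrative model only; names below are taken from the thread or are placeholders.
HADOOP_AUTH = "AuthenticationFilterInitializer"
RM_AUTH = "RMAuthenticationFilterInitializer"
# Hypothetical placeholder: the thread does not name the non-secure default.
DEFAULT_NONSECURE = "ExampleDefaultFilterInitializer"


def simple_name(class_name):
    """Strip any package prefix so entries can be compared by class name."""
    return class_name.rsplit(".", 1)[-1]


def select_initializers(configured, secure):
    """Return the filter initializers that would be installed.

    configured: comma-separated initializer class names ('' if unset)
    secure:     True when Kerberos security is enabled
    """
    names = [n.strip() for n in configured.split(",") if n.strip()]
    if not secure:
        # Non-secure mode: no replacement is needed; only make sure some
        # filter exists so the RM web services remain usable.
        return names or [DEFAULT_NONSECURE]
    result, seen = [], set()
    for name in names:
        # Secure mode: the RM initializer replaces the generic one, so a
        # request is never authenticated by both filters.
        if simple_name(name) == HADOOP_AUTH:
            name = RM_AUTH
        if simple_name(name) not in seen:  # keep order, drop duplicates
            seen.add(simple_name(name))
            result.append(name)
    return result


def auth_filter_count(initializers):
    """Count entries that install an authentication filter (more than one in
    secure mode is the condition the issue describes)."""
    return sum(1 for n in initializers
               if simple_name(n) in (HADOOP_AUTH, RM_AUTH))
```
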
