[jira] [Commented] (YARN-4126) RM should not issue delegation tokens in unsecure mode

Bibin A Chundatt (JIRA) Mon, 07 Sep 2015 22:56:33 -0700

    [ 
https://issues.apache.org/jira/browse/YARN-4126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14734277#comment-14734277
 ]


Bibin A Chundatt commented on YARN-4126:
----------------------------------------

HI [~jianhe]/[~Naganarasimha]

Seems like check is wrong in {{isAllowedDelegationTokenOp}}
{code}
    if (UserGroupInformation.isSecurityEnabled()) {
      return EnumSet.of(AuthenticationMethod.KERBEROS,
                        AuthenticationMethod.KERBEROS_SSL,
                        AuthenticationMethod.CERTIFICATE)
          .contains(UserGroupInformation.getCurrentUser()
                  .getRealAuthenticationMethod());
    } else {
      return true;
    }
{code}

Else case should have returned false rt?

> RM should not issue delegation tokens in unsecure mode
> ------------------------------------------------------
>
>                 Key: YARN-4126
>                 URL: https://issues.apache.org/jira/browse/YARN-4126
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Jian He
>
> ClientRMService#getDelegationToken is currently  returning a delegation token 
> in insecure mode. We should not return the token if it's in insecure mode. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (YARN-4126) RM should not issue delegation tokens in unsecure mode

Reply via email to