[
https://issues.apache.org/jira/browse/YARN-3452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14993941#comment-14993941
]
Jason Lowe commented on YARN-3452:
----------------------------------
Yeah, probably nothing good. [~gss2002] pointed out HADOOP-12413 which I think
will also remove the bogus lookups in practice when users aren't using the
reverse ACL feature that was added in HADOOP-10650. I'll pull that into 2.6
and 2.7, since I think most users won't be using that new feature. We'll still
need to stop using the bogus usernames for those that are using that
reverse-ACL feature or if someone else tries to do something with the ugi
assuming it actually was a valid user.
> Bogus token usernames cause many invalid group lookups
> ------------------------------------------------------
>
> Key: YARN-3452
> URL: https://issues.apache.org/jira/browse/YARN-3452
> Project: Hadoop YARN
> Issue Type: Bug
> Components: security
> Reporter: Jason Lowe
>
> YARN uses a number of bogus usernames for tokens, like application attempt
> IDs for NM tokens or even the hardcoded "testing" for the container localizer
> token. These tokens cause the RPC layer to do group lookups on these bogus
> usernames which will never succeed but can take a long time to perform.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
