hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-9385) YARN Services with simple authentication doesn't respect current UGI
Date Wed, 13 Mar 2019 18:17:00 GMT
Todd Lipcon created YARN-9385:
---------------------------------

             Summary: YARN Services with simple authentication doesn't respect current UGI
                 Key: YARN-9385
                 URL: https://issues.apache.org/jira/browse/YARN-9385
             Project: Hadoop YARN
          Issue Type: Improvement
          Components: security, yarn-native-services
            Reporter: Todd Lipcon


The ApiServiceClient implementation appends the current username to the request URL for "simple"
authentication. However, that username is derived from the 'user.name' system property instead
of the current UGI. That means that username spoofing via the 'HADOOP_USER_NAME' variable
doesn't take effect for HTTP-based calls in the same manner that it does for RPC-based calls.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org


Mime
View raw message