[
https://issues.apache.org/jira/browse/HADOOP-6951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12914740#action_12914740
]
Tom White commented on HADOOP-6951:
-----------------------------------
Sorry about this, I overlooked the fact that the HDFS and MR issues needed
committing at the same time. We should temporarily revert this (the related
issues need unit tests and test-patch running). Unfortunately, Apache svn is
not responding for me at the moment.
> Distinct minicluster services (e.g. NN and JT) overwrite each other's service
> policies
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-6951
> URL: https://issues.apache.org/jira/browse/HADOOP-6951
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Fix For: 0.22.0
>
> Attachments: hadoop-6951.1.txt, hadoop-6951.2.txt, hadoop-6951.txt.0
>
>
> Because the protocol -> ACL mapping in ServiceAuthorizationManager is static,
> services which are run in the same JVM have the potential to clobber the
> other's service authorization ACLs whenever
> ServiceAuthorizationManager.refresh() is called. This causes authorization
> failures if one tries to launch a 2NN connected to a minicluster with
> hadoop.security.authorization enabled. Seems like each service should have
> its own instance of a ServiceAuthorizationManager, instead of using static
> methods.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
