zhouyifan279 opened a new issue #913: URL: https://github.com/apache/incubator-kyuubi/issues/913
# Describe the proposal <!-- A clear and concise description of what the proposal is. If this is a KPIP https://kyuubi.apache.org/improvement-proposals.html, please put related link here. --> Due to Spark's limitation, a long running SQL engine must be submitted wtih principal and keytab in order to access secured Hadoop cluster. Turn to Kyuubi, this means before using principal and keytab in JDBC url, keytab files need to be deploy on each host where Kyuubi Servers are running. This umbrellla issue propsed a new way to enable Kyuubi to launch long running SQL engine without principal and keytab provided: 1. Hadoop Cluster manager configures Kyuubi Server's principal to impersonate all Kyuubi users by adding [hadoop proxyuser conf](https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html). 2. Kyuubi Server will obtain DelegationTokens for each use and periodically renew and push DelegationTokens to SQL engine. # Task list <!-- Several sub-tasks with the pre-create issues, and it's better to @ the assignees if you know. More details can see github docs https://docs.github.com/en/issues/tracking-your-work-with-issues/about-task-lists. A simple example: - [ ] #1 - [ ] #11 @user1 - [ ] #12 - [ ] #13 - [ ] #2 @user2 - [ ] #3 --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
