On Fri, Feb 28, 2020 at 6:21 AM Lars Francke <lars.fran...@gmail.com> wrote:
> Can we not allow specifying a keytab and principal together with proxy > user but those are only used for the initial login to submit the job and > are not shipped to the cluster? This way jobs wouldn't need to rely on the > operating system. > I'm not sure I 100% understand your use case (even if multiple services are using the credential cache, why would that be a problem?), but from Spark's side, the only issue with this is making it clear to the user when things are being submitted one way or another. But frankly this feels more like something better taken care of in Livy (e.g. by using KRB5CCNAME when running spark-submit). -- Marcelo Vanzin van...@gmail.com "Life's too short to drink cheap beer"
