pan3793 commented on PR #2082: URL: https://github.com/apache/incubator-celeborn/pull/2082#issuecomment-1801437634
I missed the review in the previous PR. keytab is enforced in the current implementation for Kerberos authentication, it's a common case for long-running services, but it's also possible to use TGT cache for Kerberos authentication (I know in some companies, TGT cache refresh is handled by the infra team in container/mechanism init phase, so that the application don't need to handle that and don't need to manage and periodically renew the keytab) For example, `spark-submit` allows to use `--principal` and `--keytab`, but also allows to use TGT cache with `--proxy-user` to access the kerberized services. We'd better document such limitations in the log message and docs clearly -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
