[
https://issues.apache.org/jira/browse/FLINK-7860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294694#comment-16294694
]
Shuyi Chen commented on FLINK-7860:
-----------------------------------
I am proposing adding the following new options:
security.kerberos.login.proxyuser.principal: the proxy user's principal
security.kerberos.login.proxyuser.keytab: the proxy user's keytab path
In the client code, it will use security.kerberos.login.principal and
security.kerberos.login.keytab to login and impersonate the proxy user. Before
the appMaster and container launch, set security.kerberos.login.principal to
the value of security.kerberos.login.proxyuser.principal, set
security.kerberos.login.keytab to the value of
security.kerberos.login.proxyuser.keytab. So in the appMaster and container, it
will always use the proxy user's credential.
> Support YARN proxy user in Flink (impersonation)
> ------------------------------------------------
>
> Key: FLINK-7860
> URL: https://issues.apache.org/jira/browse/FLINK-7860
> Project: Flink
> Issue Type: New Feature
> Components: YARN
> Reporter: Shuyi Chen
> Assignee: Shuyi Chen
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
