[ https://issues.apache.org/jira/browse/FLINK-7860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294694#comment-16294694 ]

Shuyi Chen edited comment on FLINK-7860 at 12/18/17 9:01 PM:
-------------------------------------------------------------

I am proposing adding the following new options:
security.kerberos.login.proxyuser.principal: the proxy user's principal
security.kerberos.login.proxyuser.keytab: the proxy user's keytab path

In the client code, it will use security.kerberos.login.principal and security.kerberos.login.keytab to login and impersonate the proxy user.

Before the appMaster and container launch, in the launch context, set security.kerberos.login.principal to the value of security.kerberos.login.proxyuser.principal, set security.kerberos.login.keytab to the value of security.kerberos.login.proxyuser.keytab. So in the appMaster and container, it will always use the proxy user's credential.

was (Author: suez1224):
I am proposing adding the following new options:
security.kerberos.login.proxyuser.principal: the proxy user's principal
security.kerberos.login.proxyuser.keytab: the proxy user's keytab path

In the client code, it will use security.kerberos.login.principal and security.kerberos.login.keytab to login and impersonate the proxy user.

Before the appMaster and container launch, set security.kerberos.login.principal to the value of security.kerberos.login.proxyuser.principal, set security.kerberos.login.keytab to the value of security.kerberos.login.proxyuser.keytab. So in the appMaster and container, it will always use the proxy user's credential.

> Support YARN proxy user in Flink (impersonation)
> ------------------------------------------------
>
> Key: FLINK-7860
> URL: https://issues.apache.org/jira/browse/FLINK-7860
> Project: Flink
> Issue Type: New Feature
> Components: YARN
> Reporter: Shuyi Chen
> Assignee: Shuyi Chen
>

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)