[
https://issues.apache.org/jira/browse/FLINK-7860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294694#comment-16294694
]
Shuyi Chen edited comment on FLINK-7860 at 12/18/17 9:01 PM:
-------------------------------------------------------------
I am proposing adding the following new options:
security.kerberos.login.proxyuser.principal: the proxy user's principal
security.kerberos.login.proxyuser.keytab: the proxy user's keytab path
In the client code, it will use security.kerberos.login.principal and
security.kerberos.login.keytab to login and impersonate the proxy user. Before
the appMaster and container launch, in the launch context, set
security.kerberos.login.principal to the value of
security.kerberos.login.proxyuser.principal, set security.kerberos.login.keytab
to the value of security.kerberos.login.proxyuser.keytab. So in the appMaster
and container, it will always use the proxy user's credential.
was (Author: suez1224):
I am proposing adding the following new options:
security.kerberos.login.proxyuser.principal: the proxy user's principal
security.kerberos.login.proxyuser.keytab: the proxy user's keytab path
In the client code, it will use security.kerberos.login.principal and
security.kerberos.login.keytab to login and impersonate the proxy user. Before
the appMaster and container launch, set security.kerberos.login.principal to
the value of security.kerberos.login.proxyuser.principal, set
security.kerberos.login.keytab to the value of
security.kerberos.login.proxyuser.keytab. So in the appMaster and container, it
will always use the proxy user's credential.
> Support YARN proxy user in Flink (impersonation)
> ------------------------------------------------
>
> Key: FLINK-7860
> URL: https://issues.apache.org/jira/browse/FLINK-7860
> Project: Flink
> Issue Type: New Feature
> Components: YARN
> Reporter: Shuyi Chen
> Assignee: Shuyi Chen
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
