[jira] [Updated] (FLINK-11088) Improve Kerberos Authentication using Keytab in YARN proxy user mode

Rong Rong (JIRA) Thu, 06 Dec 2018 15:49:44 -0800


     [ 
https://issues.apache.org/jira/browse/FLINK-11088?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rong Rong updated FLINK-11088:
------------------------------
    Component/s: Security

> Improve Kerberos Authentication using Keytab in YARN proxy user mode
> --------------------------------------------------------------------
>
>                 Key: FLINK-11088
>                 URL: https://issues.apache.org/jira/browse/FLINK-11088
>             Project: Flink
>          Issue Type: Improvement
>          Components: Security, YARN
>            Reporter: Rong Rong
>            Priority: Major
>
> Currently flink-yarn assumes keytab is shipped as application master 
> environment local resource on client side and will be distributed to all the 
> TMs. This does not work for YARN proxy user mode since proxy user or super 
> user does not have access to actual user's keytab but only delegation tokens. 
> We propose to have the keytab file path discovery configurable depending on 
> the launch mode of the YARN client. 
> Reference: 
> https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (FLINK-11088) Improve Kerberos Authentication using Keytab in YARN proxy user mode

Reply via email to