[
https://issues.apache.org/jira/browse/FLINK-9685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17265977#comment-17265977
]
Matthias commented on FLINK-9685:
---------------------------------
I closed this issue as part of the Engine team's backlog grooming since no
consensus discussion happened as requested in the related [PR
#7860|https://github.com/apache/flink/pull/7860] and general inactivity of the
issue.
> Flink should support hostname-substitution for
> security.kerberos.login.principal
> --------------------------------------------------------------------------------
>
> Key: FLINK-9685
> URL: https://issues.apache.org/jira/browse/FLINK-9685
> Project: Flink
> Issue Type: Improvement
> Components: Runtime / Coordination
> Reporter: Ethan Li
> Assignee: Aleksandr Salatich
> Priority: Major
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> [https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityConfiguration.java#L83]
>
> We can have something like this
> {code:java}
> String rawPrincipal =
> flinkConf.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL);
> if (rawPrincipal != null) {
> try {
> rawPrincipal = rawPrincipal.replace("HOSTNAME",
> InetAddress.getLocalHost().getCanonicalHostName());
> } catch (UnknownHostException e) {
> LOG.error("Failed to replace HOSTNAME with localhost because {}", e);
> }
> }
> this.principal = rawPrincipal;
> {code}
> So it will be easier to deploy flink to cluster. Instead of setting different
> principal on every node, we can have the same principal
> headless_user/HOSTNAME@DOMAIN .
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
