Stefano Baghino created FLINK-3699: -------------------------------------- Summary: Allow per-job Kerberos authentication Key: FLINK-3699 URL: https://issues.apache.org/jira/browse/FLINK-3699 Project: Flink Issue Type: Improvement Components: JobManager, Scheduler, TaskManager, YARN Client Affects Versions: 1.0.0 Reporter: Stefano Baghino
Currently, authentication in a secure ("Kerberized") environment is performed once as a standalone cluster or a YARN session is started up. This means that jobs submitted will all be executed with the privileges of the user that started up the cluster. This is reasonable in a lot of situations but disallows a fine control over ACLs when Flink is involved. Adding a way for each job submission to be independently authenticated would allow each job to run with the privileges of a specific user, enabling much more granular control over ACLs, in particular in the context of existing secure cluster setups. So far, a known workaround to this limitation (at least when running on YARN) is to run a per-job cluster as a specific user. -- This message was sent by Atlassian JIRA (v6.3.4#6332)