[jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential

Wed, 27 Jul 2016 08:29:25 -0700 

    [ 
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15395843#comment-15395843
 ] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user mxm commented on the issue:

    https://github.com/apache/flink/pull/2275
  
    I've passed through your changes. Great work! Thanks a lot for the 
documentation, it was very helpful. Please don't be scared by all the comments, 
most of them are minor. The most important points:
    
    - Do we need to run all the Yarn tests normally and secured? We already 
have problems with our test execution time. Perhaps we could have one dedicated 
test for secure setups and disable the other ones by default to run them 
manually if needed.
    
    - The testing code seems overly complicated using the custom JUnit Runner. 
I think we could achieve the same with `@BeforeClass` and `@AfterClass` methods 
in the secure IT cases. 
    
    - There is no dedicated test for the `SecurityContext` and the 
`JaasConfiguration` classes
    
    - It would be nice to add some documentation to the configuration web page.
    
    - We should throw exceptions if the secure configuration is not complete 
instead of falling back to non-authenticated execution for either Hadoop or the 
Jaas configuration. Otherwise, users might end up with a partly secure 
environment.


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Add support for a keytab credential to be associated with the Flink cluster, 
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to