[ 
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15444044#comment-15444044
 ] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user vijikarthi commented on the issue:

    https://github.com/apache/flink/pull/2275
  
    > YARNSessionFIFOSecuredITCase gives me the following:
    > 17:49:58,097 INFO SecurityLogger.org.apache.hadoop.ipc.Server - Auth successful for appattempt_1471880990715_0001_000001 (auth:SIMPLE)
    > It is not using Kerberos it seems. We should check that security is really enabled and fail the test if not.
    
    @mxm I am not sure why the log statements from IPC layers are using auth:SIMPLE but I have verified the same messages (NM/RM logs) on a running HDP (secure) cluster too. I would imagine this is the default implementation and we can ignore those messages. However, while investigating this issue, I have found an interesting problem with YarnMiniCluster. The containers created do not have the Yarn Configuration that we pass through the test code. The KRB5 file is also not visible and hence the UGI/security context that we create was missing proper Hadoop configurations. I have fixed the issue and patched it.
    
    I have also disabled the RollingSinkSecure IT test case since secure MiniFS cluster requires privileged ports. We can enable the test case when the patch (HDFS-9213) is made into mainstream.
    
    Please take a look and let me know if you can deploy and run the code.


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Add support for a keytab credential to be associated with the Flink cluster, 
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  


