[ 
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15496555#comment-15496555
 ] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user vijikarthi commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2275#discussion_r79190433
  
    --- Diff: 
flink-core/src/main/java/org/apache/flink/configuration/ConfigConstants.java ---
    @@ -1233,6 +1239,9 @@
        /** ZooKeeper default leader port. */
        public static final int DEFAULT_ZOOKEEPER_LEADER_PORT = 3888;
     
    +   /** Defaults for ZK client security **/
    +   public static final boolean DEFAULT_ZOOKEEPER_SASL_DISABLE = true;
    --- End diff --
    
    I agree but it can be argued both ways. We could keep the default to false 
(enable SASL client auth if not disabled explicitly through configuration file) 
or expect an explicit ask to enable SASL through the configuration settings. I 
chose later since secure ZK is not a common deployment (mostly) and moreover we 
also have introduced new security configurations to enable security and one 
could configure/adjust ZK configuration at that time. 


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Add support for a keytab credential to be associated with the Flink cluster, 
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to