halim kim created IMPALA-12318:
----------------------------------
Summary: Use spnego dedicated keytab
Key: IMPALA-12318
URL: https://issues.apache.org/jira/browse/IMPALA-12318
Project: IMPALA
Issue Type: Improvement
Components: Security
Reporter: halim kim
Kerberos is one of the authentication methods that impala provides.
Kerberized impala uses its keytab that has impala principal for authentication.
kerberos authentication can be applied by setting '--principal' and
'--keytab_file' flags.
Further more, It is possible to kerberize impala web console by having
--webserver_require_spnego as true.
The problem is impala uses just one keytab file. Therefore, a keytab must have
both impala and HTTP spnego principal If you want to kerberize web console too.
As far as i know, Other service like hadoop, hive and etc provides a option to
use http spnego dedicated keytab file and there are cases that using seperate
http spnego keytab and service keytab. So providing a way to use another keytab
file for http spnego will make users handle kerberos keytab file more easily.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
