[
https://issues.apache.org/jira/browse/IMPALA-12318?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Smith resolved IMPALA-12318.
------------------------------------
Fix Version/s: Impala 4.4.0
Resolution: Fixed
> Use spnego dedicated keytab
> ---------------------------
>
> Key: IMPALA-12318
> URL: https://issues.apache.org/jira/browse/IMPALA-12318
> Project: IMPALA
> Issue Type: Improvement
> Components: Security
> Reporter: halim kim
> Assignee: halim kim
> Priority: Minor
> Fix For: Impala 4.4.0
>
>
> Kerberos is one of the authentication methods that impala provides.
> Kerberized impala uses its keytab that has impala principal for
> authentication.
> kerberos authentication can be applied by setting '--principal' and
> '--keytab_file' flags.
> Further more, It is possible to kerberize impala web console by having
> --webserver_require_spnego as true.
> The problem is impala uses just one keytab file. Therefore, a keytab must
> have both impala and HTTP spnego principal If you want to kerberize web
> console too.
>
> As far as i know, Other service like hadoop, hive and etc provides a option
> to use http spnego dedicated keytab file and there are cases that using
> seperate http spnego keytab and service keytab. So providing a way to use
> another keytab file for http spnego will make users handle kerberos keytab
> file more easily.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
