[
https://issues.apache.org/jira/browse/KUDU-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16407168#comment-16407168
]
Todd Lipcon commented on KUDU-2363:
-----------------------------------
Seems like we'd need to start passing the kudu master addresses as part of the
Hadoop 'Configuration' object for this to work, whereas currently it's only
programattically specified.
Also seems like we'd still need to use the keytab option for cases where a job
runs for more than the authn token expiration period (7 days) since the tokens
created at submit time wouldn't be renewable.
That said, probably a good idea so we can support 'spark-submit --deploy-mode
client' without keytabs.
> Investigate if we should use ServiceCredentialProvider for Spark integration
> ----------------------------------------------------------------------------
>
> Key: KUDU-2363
> URL: https://issues.apache.org/jira/browse/KUDU-2363
> Project: Kudu
> Issue Type: Improvement
> Reporter: Hao Hao
> Priority: Major
>
> Spark 2 provides a \{ServiceCredentialProvider} implementation for
> integration with other service on a secure cluster. Here is a related
> [documentation|https://spark.apache.org/docs/2.1.0/running-on-yarn.html#running-in-a-secure-cluster]
> although lacking in detail.
> We should probably investigate if we want to use it to avoid asking users to
> provide the keytab, since it might not be a good practice.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
