[
https://issues.apache.org/jira/browse/LIVY-481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17484276#comment-17484276
]
Jeff Xu commented on LIVY-481:
------------------------------
A little bit additional info for the name_rules example above, here's my 2
kerberos realm setup in AWS.
# I applied the livy.conf on Kerberized Livy server running in
COMPUTE.INTERNAL realm.
# I used a user principal from EXAMPLE.COM to connect to the Livy server to
run a simple Spark query.
{noformat}
[realms]
COMPUTE.INTERNAL = {
kdc = <hostname>.compute.internal:88
admin_server = <hostname>.compute.internal:749
default_domain = us-west-2.compute.internal
}
EXAMPLE.COM = {
kdc = kdc.example.com:88
admin_server = kdc.example.com:749
}
[domain_realm]
.us-west-2.compute.internal = COMPUTE.INTERNAL
us-west-2.compute.internal = COMPUTE.INTERNAL
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM {noformat}
> Add support for hadoop.security.auth_to_local
> ----------------------------------------------
>
> Key: LIVY-481
> URL: https://issues.apache.org/jira/browse/LIVY-481
> Project: Livy
> Issue Type: New Feature
> Components: Core
> Affects Versions: 0.5.0, 0.6.0
> Reporter: Ruslan Dautkhanov
> Priority: Major
> Labels: auth_to_local, authentication
>
> Would be great to have support for
> {code:java}
> hadoop.security.auth_to_local{code}
>
> [https://hortonworks.com/blog/fine-tune-your-apache-hadoop-security-settings/]
> [https://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_kerbprin_to_sn.html]
>
> [https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/SecureMode.html]
>
>
> PS. I was thinking {code}livy.server.auth.kerberos.name-rules {code} could
> provide something similar based on config name, but can't find any
> confirmation to this in documentation, nor in code..
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
