[ https://issues.apache.org/jira/browse/SPARK-25732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16651860#comment-16651860 ]
Marco Gaido commented on SPARK-25732: ------------------------------------- [~tgraves] yes, exactly it is what I am referring as confusing. The point is, currently, if we specify --principal and --keytab they are used to login (please see https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/deploy/SparkSubmit.scala#L348). So those are the credential used (regardless of if/what you are kinited as). > Allow specifying a keytab/principal for proxy user for token renewal > --------------------------------------------------------------------- > > Key: SPARK-25732 > URL: https://issues.apache.org/jira/browse/SPARK-25732 > Project: Spark > Issue Type: Improvement > Components: Deploy > Affects Versions: 2.4.0 > Reporter: Marco Gaido > Priority: Major > > As of now, application submitted with proxy-user fail after 2 week due to the > lack of token renewal. In order to enable it, we need the the > keytab/principal of the impersonated user to be specified, in order to have > them available for the token renewal. > This JIRA proposes to add two parameters {{--proxy-user-principal}} and > {{--proxy-user-keytab}}, and the last letting a keytab being specified also > in a distributed FS, so that applications can be submitted by servers (eg. > Livy, Zeppelin) without needing all users' principals being on that machine. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org