[
https://issues.apache.org/jira/browse/SPARK-13478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16657743#comment-16657743
]
Sunayan Saikia commented on SPARK-13478:
----------------------------------------
[~vanzin]: My use case's a bit different. Imagine, I'm kind of like a power
user say, 'poweruser'. I can login as 'poweruser' and I have its keytab and
principal. And, I have a normal user say, 'user1'. 'user1' doesn't have access
to "poweruser"'s keytab or principal. But, being 'poweruser', I'd want to
impersonate 'user1' and run 'spark-submit' in a shell.
Is this use case valid or you see a potential security concern?
> Fetching delegation tokens for Hive fails when using proxy users
> ----------------------------------------------------------------
>
> Key: SPARK-13478
> URL: https://issues.apache.org/jira/browse/SPARK-13478
> Project: Spark
> Issue Type: Bug
> Components: YARN
> Affects Versions: 1.6.0, 2.0.0
> Reporter: Marcelo Vanzin
> Assignee: Marcelo Vanzin
> Priority: Minor
> Fix For: 1.6.4, 2.0.0
>
>
> If you use spark-submit's proxy user support, the code that fetches
> delegation tokens for the Hive Metastore fails. It seems like the Hive
> library tries to connect to the Metastore as the proxy user, and it doesn't
> have a Kerberos TGT for that user, so it fails.
> I don't know whether the same issue exists in the HBase code, but I'll make a
> similar change so that both behave similarly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
