mgaido91 commented on issue #241: [LIVY-692][THRIFT] Use configured principal for Kerberos authentication URL: https://github.com/apache/incubator-livy/pull/241#issuecomment-539874355 I think the point is that in your JIRA you are using HTTP/... as principal when you connect to beeline. You should use the principal Livy server is using instead. > I have a user kinit'd, let's say using principal testuser, who connects via beeline to the Thrift server; and the Spark application for the session runs as testuser. If this is what you mean, then impersonation is working. yes, that is impersonation. Yes, it may not be a problem because in your case you're forcing to use the HTTP principal only for the authentication, but the livy one is used everywhere else, the problem in this case would be token renewal most likely...you are creating the UGI once and never renewing it, so it would not work after 1 week or even 1 day probably.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services