Github user vanzin commented on the pull request:
https://github.com/apache/spark/pull/4106#issuecomment-76033180
> if the client application wants to execute a job that reads and writes
from HDFS that has been secured with kerberos, they should be allowed to do so
if they have the keytab file at the client side.
But that's the part I don't understand: what keytab?
The reason people deploy kerberos is to make sure people properly log in
with their own credentials before using services. Those credentials need not be
materialized in the form of a keytab - you can use `kinit` to login using your
password, for example.
But the approach here seems to be to have everybody share one set of
credentials. Which to me doesn't really make a lot of sense when talking about
kerberos.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
