Github user mccheah commented on the pull request:
https://github.com/apache/spark/pull/4106#issuecomment-76037757
Come to think of it, with my current approach, since the keytab is
specified in the driver's SparkConf, theoretically different Spark applications
can specify different keytabs and principals for the login. So this doesn't
necessarily imply that every Spark application uses the same credentials. (It
would just be a bit of a pain to get every keytab file for every user deployed
on all of the machines in the Spark cluster).
That being said my use case was that the cluster is a dedicated resource
for a select few Spark applications, and the Spark applications serve end
users, and the end users themselves do not have access to the credentials.
Part of the reason why this is confusing to me is that when I looked at
secure HDFS configurations, there is only one keytab file that can be specified
for the namenode, which implied to me that everyone who accesses HDFS must use
that keytab file. Perhaps I can be enlightened as to how one accesses HDFS
WITHOUT using that specific keytab file?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
