Github user tgravescs commented on the pull request:
https://github.com/apache/spark/pull/4688#issuecomment-76060245
Generally speaking, it's not a good idea to ship keytabs around. If one is
compromised then the user who gets it can do anything as that user forever.
YARN/HDFS generally uses tokens because they have a limited lifetime so if one
was compromised it would be for a limited amount of time. I know our internal
paranoids would not allow this change to be rolled out internally.
This really needs to be fixed on the YARN side but unfortunately not much
work there: https://issues.apache.org/jira/browse/YARN-896
That said I realize there aren't many options right now so as long as we
make sure this doesn't happen automatically I don't have any better ideas
(other than work on the YARN jira).