Github user pwendell commented on the pull request: https://github.com/apache/spark/pull/4688#issuecomment-92537887 Hi @harishreedharan - could you add some more documentation for this? The high level architecture here may be hard for users to see. Here are some places you might consider documenting how this works: 1. The security page in the Spark docs: http://spark.apache.org/docs/latest/security.html (that one could probably use some better YARN related docs anyways). 2. (if relevant) the Security Manager Doc: https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala 3. In the Spark submit doc describing --keytab - I would say something like "The keytab will be copied into the distributed cache for regular token renewal." It would be good to explain very explicitly that we're copying this private credential around the cluster. It would be good to just make it discoverable for someone who is trying to figure out how this works. Basically that you copy keytab and then do regular keytab-based logins from within the cluster.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org