Github user pwendell commented on the pull request:
https://github.com/apache/spark/pull/4688#issuecomment-92537887
Hi @harishreedharan - could you add some more documentation for this? The
high level architecture here may be hard for users to see. Here are some places
you might consider documenting how this works:
1. The security page in the Spark docs:
http://spark.apache.org/docs/latest/security.html (that one could probably use
some better YARN related docs anyways).
2. (if relevant) the Security Manager Doc:
https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/SecurityManager.scala
3. In the Spark submit doc describing --keytab - I would say something like
"The keytab will be copied into the distributed cache for regular token
renewal." It would be good to explain very explicitly that we're copying this
private credential around the cluster.
It would be good to just make it discoverable for someone who is trying to
figure out how this works. Basically that you copy keytab and then do regular
keytab-based logins from within the cluster.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
