Github user kanzhang commented on the pull request:
https://github.com/apache/spark/pull/6676#issuecomment-110547804
> And how do you plan to use delegation tokens in standalone mode without
> kerberos?
Kerberos is in the plan. :) But it is orthogonal to finding a secure way to
distribute per-app secrets. The latter is needed whether or not Kerberos is
supported.
> Your proposed change protects users that are not running Spark apps from
> being able to do bad things, so it's an improvement.
Yes, that's the first goal.
> But you cannot fix standalone mode security just by hiding this secret
> from the command line.
My second goal is to improve standalone mode security by having a per-app
key. I think what we are debating is whether this is worth trying, given that
all apps are running as the same user.