Github user vanzin commented on the pull request:
https://github.com/apache/spark/pull/8218#issuecomment-137257022
> it seems then that there are two kinds of authentication
No, there's one kind of authentication. I don't know what's this
"handshake" you talk about. Whenever you open a connection to read shuffle
blocks and `spark.authenticate` is enabled (no matter whether you are
connecting to a block manager directly, or to an external shuffle service), you
will perform SASL authentication and provide the user name (= app id) and
secret for your application.
The secret is already distributed securely on YARN; it's stashed in the
credentials held by the `UserGroupInformation` object used to start the
application.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
