Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/14789
Hey, I haven't had the chance to look at this closely, but this seems to
just be an API to trigger the existing credential updater code in Spark, right?
When I filed SPARK-14743 I had a different use case in mind. When I talked
about Oozie and HoS, Spark's credential updater would not be enabled. Those
systems generally do not use Spark's credential updater, since they do not have
the user's keytab. They have their own keytab, which they use to login to the
KDC and generate the tokens, and the run the child applications using a proxy
user. They need a way to give Spark those tokens after Spark has been started,
which is different from having a way to trigger Spark's token updater mechanism.
I'm not sure I understand how something like Oozie or HoS would use the
particular feature added with this change. They can't give their own keytab to
the user's application, because the user code should not have access to that.
Tom:
> To get around keytabs, I was going to add an interface to push new
credentials from the gateway box.
Yes basically that is more in line with what I had in mind.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
