Github user vanzin commented on the pull request:

    https://github.com/apache/spark/pull/2320#issuecomment-55154141
  
    > So it has nothing to do with whom start the spark daemons but with whom
    > start the driver.
    
    Well, standalone supports cluster mode. In cluster mode, the Worker daemons
    start the driver. Since the Worker daemons currently have no way to execute
    child processes as a different user, if you send the keytab to the driver, then
    any other process spawned by that worker can read it.
    
    Using secrets in Spark today is kind of an iffy solution because, as far as
    I can see, Spark does not support TLS for communication. So your secret would
    be sent in the clear over the wire. Unless you're willing to implement a
    Diffie-Hellman key exchange for the parties involved in the exchange, so that
    you can negotiate a private key over an insecure channel.
    
    I think that unless you're willing to fix one of the two problems (add TLS
    to Spark's communication layer, allow Workers to run children as a different
    user), there isn't a secure solution to this problem. (BTW, Yarn has those two
    features.)
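The Diffie-Hellman negotiation the comment alludes to, as an added example that is not part of the pull request or of Spark's code base: two in-process parties (labelled "worker" and "driver" only for illustration) agree on a key while only their public values cross the cleartext wire. The group is the 1024-bit MODP group 2 from RFC 2409 (a safe prime with g = 2; the modulus is the well-known constant, check it against the RFC before relying on it). The `DHParty` class, `run_exchange` and the SHA-256 key derivation are this example's own constructs.

```python
import hashlib
import secrets

# 1024-bit MODP group 2 (RFC 2409, Oakley group 2): p = 2q + 1 is a safe prime, g = 2.
P_HEX = ("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
         "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
         "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
         "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF")
P = int(P_HEX, 16)
G = 2
Q = (P - 1) // 2          # order of the subgroup generated by g
P_BYTES = (P.bit_length() + 7) // 8


class DHParty:
    """One side of an ephemeral Diffie-Hellman exchange (hypothetical helper, not Spark code)."""

    def __init__(self, name, p=P, g=G):
        self.name, self.p, self.g = name, p, g
        # Fresh private exponent x in [2, p-2]; never reused, never sent anywhere.
        self.priv = secrets.randbelow(p - 3) + 2
        # Public value g^x mod p: this is the only thing that goes over the wire.
        self.pub = pow(g, self.priv, p)

    def shared_key(self, peer_pub):
        """Derive a 32-byte symmetric key from the peer's public value."""
        # Reject degenerate values (0, 1, p-1, out of range): they would force the
        # shared secret into a tiny set that a passive observer can enumerate.
        if not 2 <= peer_pub <= self.p - 2:
            raise ValueError("invalid peer public value")
        # With a safe prime, honest public values lie in the order-q subgroup.
        if pow(peer_pub, Q, self.p) != 1:
            raise ValueError("peer public value is not in the prime-order subgroup")
        shared = pow(peer_pub, self.priv, self.p)
        # Hash the raw shared secret rather than using it directly as key material.
        return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def run_exchange():
    """Run one exchange and return (worker_key, driver_key, wire_messages)."""
    worker, driver = DHParty("worker"), DHParty("driver")
    # What an observer on a cleartext link sees: both public values, nothing else.
    wire = [("worker->driver", worker.pub), ("driver->worker", driver.pub)]
    worker_key = worker.shared_key(driver.pub)
    driver_key = driver.shared_key(worker.pub)
    return worker_key, driver_key, wire


if __name__ == "__main__":
    k_w, k_d, wire = run_exchange()
    for direction, value in wire:
        print(f"{direction}: {value:x}"[:60] + "...")
    print("keys match:", k_w == k_d)
```

Each party derives the same key, and a passive observer who only records the two public values cannot recover it. Note what this does not buy: the public values are not authenticated, so an active attacker positioned between the Worker and the driver can complete a separate exchange with each side. To match what the comment credits Yarn with, the public values would still need to be bound to an identity (a signature under a pre-shared key or a certificate), which is the part TLS already does.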
