Github user mgummelt commented on the issue:
https://github.com/apache/spark/pull/16788
In order to renew delegation tokens, the `ApplicationMaster` needs access
to the keytab, right?
https://github.com/apache/spark/blob/master/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/security/AMCredentialRenewer.scala#L84
So why must the driver send delegation tokens to the ApplicationMaster, if
the ApplicationMaster already has access to the keytab, and can thus fetch
delegation tokens itself? Unless maybe those tokens are only used for the
non-renewal case, when the keytab isn't specified?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
