Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/19227
If you're not touching keytabs why are you changing the property names,
which would be an unrelated change? You don't need principal / keytab to get
delegation tokens. You just login with `kinit`.
But shipping delegation tokens in standalone mode has similar issues; it's
a little harder, but not much, to get them, and they have a TTL, but during
that period you can pretty much impersonate the user you stole the delegation
tokens from.
I could hold my nose and let delegation token support be added to
standalone if it's stuck behind a scary looking config like
`spark.standalone.enableInsecureKerberosSupport`; but I'm really not
comfortable with adding any kind of support for shipping keytabs.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
