Github user squito commented on a diff in the pull request:
https://github.com/apache/spark/pull/20742#discussion_r175173523
--- Diff: docs/security.md ---
@@ -182,54 +582,70 @@ configure those ports.
</tr>
</table>
-### HTTP Security Headers
-Apache Spark can be configured to include HTTP Headers which aids in
preventing Cross
-Site Scripting (XSS), Cross-Frame Scripting (XFS), MIME-Sniffing and also
enforces HTTP
-Strict Transport Security.
+# Kerberos
+
+Spark supports submitting applications in environments that use Kerberos
for authentication.
+In most cases, Spark relies on the credentials of the current logged in
user when authenticating
+to Kerberos-aware services. Such credentials can be obtained by logging in
to the configured KDC
+with tools like `kinit`.
+
+When talking to Hadoop-based services, Spark needs to obtain delegation
tokens so that non-local
+processes can authenticate. Spark ships with support for HDFS and other
Hadoop file systems, Hive
+and HBase.
+
+When using a Hadoop filesystem (such HDFS or WebHDFS), Spark will acquire
the relevant tokens
+for the service hosting the user's home directory.
+
+An HBase token will be obtained if HBase is in the application's
classpath, and the HBase
+configuration has Kerberos authentication turned
(`hbase.security.authentication=kerberos`).
+
+Similarly, a Hive token will be obtained if Hive is in the classpath, and
the configuration includes
+a URIs for remote metastore services (`hive.metastore.uris` is not empty).
--- End diff --
nit: either "a URI" or "URIs"
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
