Github user skonto commented on the issue:
https://github.com/apache/spark/pull/20945
@susanxhuynh the cache represents the ticket for the superuser since he
needs to create a DT as nobody to impersonate nobody. The superuser has the
right to impersonate. The ticket cache replaces the need to kinit with the
superuser's keytab. I had to rename it because I am running within a container
as user nobody anyway (didnt want to add a superuser in the container). My
superuser is hive which does not exist on the DC/OS Spark container or the
DC/OS nodes.
The filename of the cache depends on the OS user not ugi current user:
[hadoop@ip-10-0-9-161 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_498
Default principal: nobody@LOCAL
Valid starting Expires Service principal
03/04/2018 11:15:37 03/04/2018 21:15:37 krbtgt/LOCAL@LOCAL
renew until 04/04/2018 11:15:37
[hadoop@ip-10-0-9-161 ~]$ id -u hadoop
498
In the above example the hadoop user has a ticketcache that has a suffix
his uid. On the other hand the cache contains a principal for nobody, it could
be anything. As long as the ticket cache has a valid principal for user X,
kerberos is used, then hadoop libraries will see user X as the authenticated
one.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
