[ https://issues.apache.org/jira/browse/FLINK-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefano Baghino updated FLINK-3699: ----------------------------------- Assignee: (was: Stefano Baghino) > Allow per-job Kerberos authentication > -------------------------------------- > > Key: FLINK-3699 > URL: https://issues.apache.org/jira/browse/FLINK-3699 > Project: Flink > Issue Type: Improvement > Components: JobManager, Scheduler, TaskManager, YARN Client > Affects Versions: 1.0.0 > Reporter: Stefano Baghino > Labels: kerberos, security, yarn > > Currently, authentication in a secure ("Kerberized") environment is performed > once as a standalone cluster or a YARN session is started up. This means that > jobs submitted will all be executed with the privileges of the user that > started up the cluster. This is reasonable in a lot of situations but > disallows a fine control over ACLs when Flink is involved. > Adding a way for each job submission to be independently authenticated would > allow each job to run with the privileges of a specific user, enabling much > more granular control over ACLs, in particular in the context of existing > secure cluster setups. > So far, a known workaround to this limitation (at least when running on YARN) > is to run a per-job cluster as a specific user. -- This message was sent by Atlassian JIRA (v6.3.4#6332)