[
https://issues.apache.org/jira/browse/FLINK-1702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15888388#comment-15888388
]
Tzu-Li (Gordon) Tai commented on FLINK-1702:
Standalone mode still requires all nodes to be able to authenticate using
Kerberos, but I don't we think we can pass around the acquired Hadoop
delegation tokens in standalone mode anyway.
So yes, I'd say this can be closed.Closing this.
> Authenticate via Kerberos from the client only
> --
>
> Key: FLINK-1702
> URL: https://issues.apache.org/jira/browse/FLINK-1702
> Project: Flink
> Issue Type: Improvement
> Components: Security
>Reporter: Maximilian Michels
>Priority: Minor
> Fix For: 1.0.0
>
>
> FLINK-1504 implemented support for Kerberos authentication for HDFS in Flink.
> Currently, the authentication has to be performed on every node when the job
> or task manager comes up. That implies that all nodes are already
> authenticated using Kerberos.
> For the Hadoop security mechanism it would be sufficient if the Client
> authenticated once using Kerberos and received the Hadoop DelegationToken.
> This Token could then be passed to all nodes. It would be renewed using the
> Hadoop security mechanisms.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)