Re: Securing Keytab File in Flink

2023-09-26 Thread Chirag Dewan via user
Thanks Gabor, reducing the attack vector looks a fair call here. However, I am still thinking of other ways to eliminate this security concern. Is there a way I can use ticketCache inside my pods somehow? Maybe something like Yarn? Just thinking out loud, but would there be a case of automating

Re: Securing Keytab File in Flink

2023-09-15 Thread Gabor Somogyi
Hi Chirag, Couple things can be done to reduce the attack surface (including but not limited to): * Use delegation tokens where only JM needs the keytab file: https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/security/security-delegation-token/ * Limit the access rights of the k

Securing Keytab File in Flink

2023-09-14 Thread Chirag Dewan via user
Hi, I am trying to implement an HDFS Source connector that can collect files from Kerberos-enabled HDFS. As per the Kerberos support, I have provided my keytab file to Job Managers and all the Task Managers. Now, I understand that keytab file is a security concern and if left unsecured can be use