That sounds like what Spark did. Take a look at this doc https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/deploy/security/README.md The Spark AM has a Kerberos keytab and it periodically acquires a new delegation token (the old one is ignored) to make sure it always has a valid DT. Finally, distribute the DT to all executors.
On Tue, Jun 11, 2024 at 4:34 AM Ankur Khanna <ankur.kha...@oracle.com.invalid> wrote: > Hi experts, > > > > I have a use-case with an external session token that is short lived and > does not renew(ie, unlike a hadoop delegation token, the expiry time is not > updated for this token). For a long running application (longer than the > lifespan of the external token), I want to update the UGI/Credential object > of each and every worker container with a new token. > > If I understand correctly, all delegation tokens are shared at the launch > of a container. > > Is there any way to update the credential object after the launch of the > container and during the lifespan of the application? > > > Best, > > Ankur Khanna > > > > >
