You could set the Spark config properties for principal to use with Kerberos - it's not end-to-end, but could be a good step:
http://spark.apache.org/docs/latest/security.html#yarn-mode On Wed, Jul 20, 2016 at 4:02 PM -0700, "Jeff Zhang" <zjf...@gmail.com<mailto:zjf...@gmail.com>> wrote: I think the work is still in progress. But it will be done very soon. On Thu, Jul 21, 2016 at 5:21 AM, Chen Song <chen.song...@gmail.com<mailto:chen.song...@gmail.com>> wrote: Thanks Jeff. I don't see any configurations for keytab and principal in Zeppelin when talking to Livy. I don't see a reason for Zeppelin to do that. Or is it something this patch gonna enforce? Can I just pull the patch and give a try? Chen On Wed, Jul 20, 2016 at 2:05 AM Jeff Zhang <zjf...@gmail.com<mailto:zjf...@gmail.com>> wrote: Livy in secured cluster is still in progress. See https://github.com/cloudera/livy/pull/145 But this is only in livy side. In zeppelin side, I believe you also need to specify keytab and principal to access livy rest api. I don't know whether you need to refresh ticket in zeppelin side, it depends on zeppelin side implementation. On Wed, Jul 20, 2016 at 4:55 AM, Chen Song <chen.song...@gmail.com<mailto:chen.song...@gmail.com>> wrote: I have a question on running Zeppelin Spark interpreter in a Kerberized environment. Spark comes with a runtime conf that allows you to specific the keytab and principal. My questions are: 1. When using Livy, does it rely on the same mechanism when starting Spark 2. Whether to use Livy or not, there doesn't seem a way to refresh login from the specified the principle and keytab. After a while, I need to run kinit manually to re-login using the principal with the keytab, if the interpreter needs to be restarted. Is there a better way to address this? Chen -- Best Regards Jeff Zhang -- Best Regards Jeff Zhang
