You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Tzu-Li (Gordon) Tai (JIRA)" <ji...@apache.org> on 2017/02/28 16:32:45 UTC
[jira] [Comment Edited] (FLINK-1702) Authenticate via Kerberos from
the client only
[ https://issues.apache.org/jira/browse/FLINK-1702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15888388#comment-15888388 ]
Tzu-Li (Gordon) Tai edited comment on FLINK-1702 at 2/28/17 4:31 PM:
---------------------------------------------------------------------
Standalone mode currently still requires all nodes to be able to authenticate using Kerberos, but I don't we think we can pass around the acquired Hadoop delegation tokens in standalone mode anyway.
So yes, I'd say this can be closed.Closing this.
was (Author: tzulitai):
Standalone mode still requires all nodes to be able to authenticate using Kerberos, but I don't we think we can pass around the acquired Hadoop delegation tokens in standalone mode anyway.
So yes, I'd say this can be closed.Closing this.
> Authenticate via Kerberos from the client only
> ----------------------------------------------
>
> Key: FLINK-1702
> URL: https://issues.apache.org/jira/browse/FLINK-1702
> Project: Flink
> Issue Type: Improvement
> Components: Security
> Reporter: Maximilian Michels
> Priority: Minor
> Fix For: 1.0.0
>
>
> FLINK-1504 implemented support for Kerberos authentication for HDFS in Flink. Currently, the authentication has to be performed on every node when the job or task manager comes up. That implies that all nodes are already authenticated using Kerberos.
> For the Hadoop security mechanism it would be sufficient if the Client authenticated once using Kerberos and received the Hadoop DelegationToken. This Token could then be passed to all nodes. It would be renewed using the Hadoop security mechanisms.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)