You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flink.apache.org by "Rong Rong (JIRA)" <ji...@apache.org> on 2018/12/06 23:49:00 UTC

[jira] [Created] (FLINK-11088) Improve Kerberos Authentication using Keytab in YARN proxy user mode

Rong Rong created FLINK-11088:
---------------------------------

             Summary: Improve Kerberos Authentication using Keytab in YARN proxy user mode
                 Key: FLINK-11088
                 URL: https://issues.apache.org/jira/browse/FLINK-11088
             Project: Flink
          Issue Type: Improvement
          Components: YARN
            Reporter: Rong Rong


Currently flink-yarn assumes keytab is shipped as application master environment local resource on client side and will be distributed to all the TMs. This does not work for YARN proxy user mode since proxy user or super user does not have access to actual user's keytab but only delegation tokens. 

We propose to have the keytab file path discovery configurable depending on the launch mode of the YARN client. 

Reference: https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)