Posted to issues@flink.apache.org by "Eron Wright (JIRA)" <ji...@apache.org> on 2016/05/18 21:28:12 UTC

[jira] [Commented] (FLINK-3699) Allow per-job Kerberos authentication

    [ https://issues.apache.org/jira/browse/FLINK-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15289880#comment-15289880 ] 

Eron Wright  commented on FLINK-3699:
-------------------------------------

It is perceived as quite difficult to protect one job from another within a Flink cluster, because the JobManager executes job code within itself in myriad ways.  To make practical progress here, maybe this improvement could be reimagined based on its underlying goals, for example:
- accessing numerous JobManagers from a single web UI
- allowing numerous users to submit a job to a cluster, while still running the job in the cluster's security context (rather than in the submitter's).

> Allow per-job Kerberos authentication 
> --------------------------------------
>
>                 Key: FLINK-3699
>                 URL: https://issues.apache.org/jira/browse/FLINK-3699
>             Project: Flink
>          Issue Type: Improvement
>          Components: JobManager, Scheduler, TaskManager, YARN Client
>    Affects Versions: 1.0.0
>            Reporter: Stefano Baghino
>            Assignee: Stefano Baghino
>              Labels: kerberos, security, yarn
>
> Currently, authentication in a secure ("Kerberized") environment is performed once as a standalone cluster or a YARN session is started up. This means that jobs submitted will all be executed with the privileges of the user that started up the cluster. This is reasonable in a lot of situations but disallows a fine control over ACLs when Flink is involved.
> Adding a way for each job submission to be independently authenticated would allow each job to run with the privileges of a specific user, enabling much more granular control over ACLs, in particular in the context of existing secure cluster setups.
> So far, a known workaround to this limitation (at least when running on YARN) is to run a per-job cluster as a specific user.


