You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Aljoscha Krettek (Jira)" <ji...@apache.org> on 2020/02/03 10:37:00 UTC
[jira] [Updated] (FLINK-15561) Improve Kerberos delegation token
login
[ https://issues.apache.org/jira/browse/FLINK-15561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aljoscha Krettek updated FLINK-15561:
-------------------------------------
Fix Version/s: 1.9.3
1.10.0
> Improve Kerberos delegation token login
> ----------------------------------------
>
> Key: FLINK-15561
> URL: https://issues.apache.org/jira/browse/FLINK-15561
> Project: Flink
> Issue Type: Bug
> Components: Deployment / YARN
> Reporter: Rong Rong
> Assignee: Rong Rong
> Priority: Major
> Labels: pull-request-available, usability
> Fix For: 1.10.0, 1.11.0, 1.9.3
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Inspired by the discussion in [http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Yarn-Kerberos-issue-td31894.html#a31933]
>
> Currently the security HadoopModule handles delegation token login seems to be not working.
> Some improvements including: spawning a delegation token renewal thread. See: [1] [https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84]
> and [2] [https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538]
> Another is to ensure delegation token is also a valid format of credential when launching YARN context. See [1] [https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484] and [2] [https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)