You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Eron Wright (JIRA)" <ji...@apache.org> on 2016/05/18 19:15:13 UTC
[jira] [Commented] (FLINK-3670) Kerberos: Improving long-running
streaming jobs
[ https://issues.apache.org/jira/browse/FLINK-3670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15289619#comment-15289619 ]
Eron Wright commented on FLINK-3670:
-------------------------------------
After some design discussion, the keytab approach will be used as outlined in FLINK-3929.
> Kerberos: Improving long-running streaming jobs
> -----------------------------------------------
>
> Key: FLINK-3670
> URL: https://issues.apache.org/jira/browse/FLINK-3670
> Project: Flink
> Issue Type: Improvement
> Components: Command-line client, Local Runtime
> Reporter: Maximilian Michels
> Assignee: Eron Wright
>
> We have seen in the past, that Hadoop's delegation tokens are subject to a number of subtle token renewal bugs. In addition, they have a maximum life time that can be worked around but is very inconvenient for the user.
> As per [mailing list discussion|http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Kerberos-for-Streaming-amp-Kafka-td10906.html], a way to work around the maximum life time of DelegationTokens would be to pass the Kerberos principal and key tab upon job submission. A daemon could then periodically renew the ticket.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)