You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Eron Wright (JIRA)" <ji...@apache.org> on 2016/05/18 19:15:13 UTC

[jira] [Commented] (FLINK-3670) Kerberos: Improving long-running streaming jobs

    [ https://issues.apache.org/jira/browse/FLINK-3670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15289619#comment-15289619 ] 

Eron Wright  commented on FLINK-3670:
-------------------------------------

After some design discussion, the keytab approach will be used as outlined in FLINK-3929.

> Kerberos: Improving long-running streaming jobs
> -----------------------------------------------
>
>                 Key: FLINK-3670
>                 URL: https://issues.apache.org/jira/browse/FLINK-3670
>             Project: Flink
>          Issue Type: Improvement
>          Components: Command-line client, Local Runtime
>            Reporter: Maximilian Michels
>            Assignee: Eron Wright 
>
> We have seen in the past, that Hadoop's delegation tokens are subject to a number of subtle token renewal bugs. In addition, they have a maximum life time that can be worked around but is very inconvenient for the user.
> As per [mailing list discussion|http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Kerberos-for-Streaming-amp-Kafka-td10906.html], a way to work around the maximum life time of DelegationTokens would be to pass the Kerberos principal and key tab upon job submission. A daemon could then periodically renew the ticket. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)