You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2022/04/13 07:47:28 UTC

[GitHub] [flink] dmvk commented on pull request #19372: [FLINK-26043][runtime][security] Add periodic kerberos relogin to KerberosDelegationTokenManager

dmvk commented on PR #19372:
URL: https://github.com/apache/flink/pull/19372#issuecomment-1097668495

   > Not sure what you mean here. TGT renewal and token obtain are totally different from many factors:
   >
   >    They obtain different things
   >    They does it with different frequency
   >
   > I would like ask you to elaborate on this.
   
   I've just noticed it's not implemented (yet) and my intuition was that the only difference is the frequency. If it does a different thing, that it's fine 👍 
   
   > The cluster entrypoint might be confusing for the user if hadoop is not present on the classpath, because we print the
   > missing hadoop warning on DEBUG level.
   
   In that case we could either:
   1) Consider it a misconfiguration and fail fast -> this would require changing the default value of `KERBEROS_FETCH_DELEGATION_TOKEN` to `false`
   2) We could print a warning with a nice explanation what it really means. This similar to what we were doing prior the introduction of the `HadoopDependency` class, but the main difference would be that this time it wouldn't be an ill-formatted stacktrace with no proper explanation.
   
   In both cases, `true` doesn't seem to be a reasonable default for `KERBEROS_FETCH_DELEGATION_TOKEN`. Any thoughts?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org