[jira] [Created] (FLINK-11088) Improve Kerberos Authentication using Keytab in YARN proxy user mode


Shang Yuanchun (Jira)
Rong Rong created FLINK-11088:
---------------------------------

             Summary: Improve Kerberos Authentication using Keytab in YARN proxy user mode
                 Key: FLINK-11088
                 URL: https://issues.apache.org/jira/browse/FLINK-11088
             Project: Flink
          Issue Type: Improvement
          Components: YARN
            Reporter: Rong Rong


Currently flink-yarn assumes the keytab is shipped as an application master environment local resource on the client side and will be distributed to all the TMs. This does not work for YARN proxy user mode, since the proxy user or super user does not have access to the actual user's keytab but only to delegation tokens.

We propose to have the keytab file path discovery configurable depending on the launch mode of the YARN client.

Reference: https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/Superusers.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)