(DEPRECATED) Apache Flink Mailing List archive.

[jira] [Created] (FLINK-5949) Flink on YARN checks for Kerberos credentials for non-Kerberos authentication methods

classic Classic list List threaded Threaded
1 message Options
Shang Yuanchun (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Created] (FLINK-5949) Flink on YARN checks for Kerberos credentials for non-Kerberos authentication methods

Shang Yuanchun (Jira)
Tzu-Li (Gordon) Tai created FLINK-5949:
------------------------------------------

             Summary: Flink on YARN checks for Kerberos credentials for non-Kerberos authentication methods
                 Key: FLINK-5949
                 URL: https://issues.apache.org/jira/browse/FLINK-5949
             Project: Flink
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.2.0
            Reporter: Tzu-Li (Gordon) Tai
            Priority: Critical


Reported in ML: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Flink-Yarn-and-MapR-Kerberos-issue-td11996.html

The problem is that the Flink on YARN client incorrectly assumes {{UserGroupInformation.isSecurityEnabled()}} returns {{true}} only for Kerberos authentication modes, whereas it actually returns {{true}} for other kinds of authentications too.

We should use {{UserGroupInformation.getAuthenticationMethod()}} to check for {{KERBEROS}} only.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
Free forum by Nabble Edit this page