flink-dev mailing list archives

From Eron Wright <ewri...@live.com>
Subject Kerberos for Streaming & Kafka
Date Thu, 24 Mar 2016 23:10:01 GMT
Hi,
Given the other thread about per-job Kerberos identity, now's a good time to discuss some
problems with the current delegation-token approach, since the answer could bear on the per-job
enhancement.
Two problems:
1. Delegation tokens expire.  For a continuous streaming job to survive, the original
   keytab is needed to re-authenticate.  Spark Streaming solved this problem with `--keytab`
   on spark-submit (see AMDelegationTokenRenewer.scala).
2. Kafka doesn't support delegation tokens yet (see KIP-48 and KAFKA-1696).
Thoughts?  Thanks!
- Eron Wright
 		 	   		  