flink-dev mailing list archives

From Eron Wright <ewri...@live.com>
Subject RE: Kerberos for Streaming & Kafka
Date Fri, 25 Mar 2016 23:18:36 GMT
(fixed bad formatting)

Hi,
Given the other thread about per-job Kerberos identity, now's a good time to discuss some
problems with the current delegation-token approach, since the answer could bear on the per-job
enhancement.

I see two problems:

1. Delegation tokens expire. For a continuous streaming job to survive, the original keytab
is needed to re-authenticate. Spark Streaming solved this problem with `--keytab` on spark-submit
(see AMDelegationTokenRenewer.scala).

2. Kafka doesn't support delegation tokens yet (see KIP-48 and KAFKA-1696).

Thoughts? Thanks!
- Eron Wright



 		 	   		  