flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential
Date Tue, 30 Aug 2016 14:28:20 GMT

    [ https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15449160#comment-15449160

ASF GitHub Bot commented on FLINK-3929:

Github user mxm commented on the issue:

    Thanks for testing this on an actual secure cluster. 
    Hmpf, only allowing to bind to privileged ports doesn't really improve security but we
have to deal with this limitation somehow. I was initially thinking we could just include
a custom version of the `MiniKDC` dependency in the Flink code. As you pointed out, this is
not possible because the problem lies in the `SecureDataNodeStarter` which returns the secure
resources. This class is part of `hadoop-hdfs`which we can't include a custom version because
it depends on the Hadoop version provided during build time.
    Once the patch is out, we can run this test in a special profile where we set the Hadoop
version which supports non-privileged ports. As of now, I don't see a feasible solution other
than skipping this test.

> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
> _This issue is part of a series of improvements detailed in the [Secure Data Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
design doc._
> Add support for a keytab credential to be associated with the Flink cluster, to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.

This message was sent by Atlassian JIRA

View raw message