spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcelo Vanzin (JIRA)" <>
Subject [jira] [Commented] (SPARK-25732) Allow specifying a keytab/principal for proxy user for token renewal
Date Mon, 15 Oct 2018 17:49:00 GMT


Marcelo Vanzin commented on SPARK-25732:

I'd have preferred a system where Livy handles this for the users by periodically creating
new delegation tokens for them and sending them to Spark. Saisai looked at something like
this in the past, but distributing the tokens to Spark was the main issue.

With Livy you already have an RPC channel to the Spark context, so maybe that could be done?
But it would probably still require some new API in Spark itself...

If those paths don't work, then this would be no worse than what Spark already has. Main issue
is that you seem to be mixing keytab/principal with proxy user and that doesn't work - Spark
explicitly disallows that combination.

> Allow specifying a keytab/principal for proxy user for token renewal 
> ---------------------------------------------------------------------
>                 Key: SPARK-25732
>                 URL:
>             Project: Spark
>          Issue Type: Improvement
>          Components: Deploy
>    Affects Versions: 2.4.0
>            Reporter: Marco Gaido
>            Priority: Major
> As of now, application submitted with proxy-user fail after 2 week due to the lack of
token renewal. In order to enable it, we need the the keytab/principal of the impersonated
user to be specified, in order to have them available for the token renewal.
> This JIRA proposes to add two parameters {{--proxy-user-principal}} and {{--proxy-user-keytab}},
and the last letting a keytab being specified also in a distributed FS, so that applications
can be submitted by servers (eg. Livy, Zeppelin) without needing all users' principals being
on that machine.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message