spark-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vanzin <...@git.apache.org>
Subject [GitHub] spark issue #17530: [SPARK-5158] Access kerberized HDFS from Spark standalon...
Date Wed, 05 Apr 2017 19:50:20 GMT
Github user vanzin commented on the issue:

    https://github.com/apache/spark/pull/17530
  
    I'm sorry but you won't convince me that it's a useful feature to have Spark be a big
security hole when inserted into a kerberos environment.
    
    As I said, if you want to change your approach to have the Master / Worker daemons manage
a kerberos login that is shared among all users, that would be more acceptable, and also cover
your use case as far as I can see. But your current approach is just not going to happen,
at least from my point of view. If you can find someone else to shepherd your PR, I'll let
them figure it out, but I'm not for adding this particular implementation to Spark.
    
    And people can use YARN if they really care about security. Standalone was never meant
to be secure, nor used in secure environments. (There's also ongoing work to get Kerberos
to work with Mesos, which does have the necessary security features as far as I know.)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org


Mime
View raw message