[SPARK-26595] Allow delegation token renewal without a keytab - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.0
Fix Version/s: 3.0.0
Component/s: Spark Core
Labels:
None

Description

Currently the delegation token renewal feature requires the user to provide Spark with a keytab.

It would be nice for this to also be supported when the user doesn't have a keytab, as long as the user keeps a valid kerberos login. Spark has access to the user's credential cache in that case, and can keep tokens updated much like in the keytab case.

It's not as automatic as with keytabs, but can help in some environments.

Attachments

Issue Links

links to

GitHub Pull Request #23525

Activity

People

Assignee:: Marcelo Masiero Vanzin

Reporter:: Marcelo Masiero Vanzin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Jan/19 00:00

Updated:: 28/Jan/19 21:36

Resolved:: 28/Jan/19 21:33