Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-11271 Improvement to Kerberos Security
  3. FLINK-15561

Unify Kerberos credentials checking

    XMLWordPrintableJSON

    Details

      Description

      Inspired by the discussion in http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Yarn-Kerberos-issue-td31894.html#a31933

       

      Currently the security HadoopModule handles delegation token login utilizes 2 different code path. 

      Flink needs to to ensure delegation token is also a valid format of credential when launching YARN context. See [1] https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484 and [2] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146

        Attachments

          Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. FLINK-18045 Fix Kerberos credentials checking to unblock Flink on secured MapR

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link GitHub Pull Request #10891

            Activity

              People

              • Assignee:
                rongr Rong Rong
                Reporter:
                rongr Rong Rong
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m