GitHub user tzulitai opened a pull request:
FLINK-5949 [yarn] Don't check Kerberos credentials for non-Kerberos…
Additionally uses the `UserGroupInformation#getAuthenticationMethod()` to determine whether `KERBEROS` is used for authentication.
This fixes issues MapR users have been bumping into, where only MapR's custom SSL security was enabled (no Kerberos), but the Kerberos credentials were still checked for. For MapR's SSL security, the `getAuthenticationMethod()` returns `CUSTOM` (see http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Flink-Yarn-and-MapR-Kerberos-issue-td11996.html).
Also tested and confirmed that the change doesn't break previous Kerberos with YARN behaviours for other vendors, e.g. CDH.
This change should also be backported for release-1.2.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/tzulitai/flink
Alternatively you can review and apply these changes as the patch at:
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3528
Author: Tzu-Li (Gordon) Tai <firstname.lastname@example.org>
FLINK-5949 [yarn] Don't check Kerberos credentials for non-Kerberos authentication methods