Details
-
Question
-
Status: Resolved
-
Major
-
Resolution: Information Provided
-
2.2.1
-
None
-
None
Description
Hi,
We have a cluster that is secured over Kerberos on Cloudera. However, Spark is not managed by cloudera. We have our own distribution package with packages and deploys Spark 2.21 onto the cluster. The reason being, the version of Cloudera is 5.4 which does not support the Spark 2+
I see that we are able to submit jobs on the cluster with a valid keytab file and principal account, but unable to just do kinit and use the ticket generated in the session to authenticate the job.
Is there a way to not use the keytab/prinicipal to be passed explicitly and just use the kinit session of the user submitting the job?
Why is it essential to have a specific keytab file and pass it as args to spark submit / spark shell?
Please provide some context around how Spark authenticates using this data and why cant it use Kinit in this case?