Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-25732

Allow specifying a keytab/principal for proxy user for token renewal

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0
    • Fix Version/s: None
    • Component/s: Deploy
    • Labels:
      None

      Description

      As of now, application submitted with proxy-user fail after 2 week due to the lack of token renewal. In order to enable it, we need the the keytab/principal of the impersonated user to be specified, in order to have them available for the token renewal.

      This JIRA proposes to add two parameters -proxy-user-principal and -proxy-user-keytab, and the last letting a keytab being specified also in a distributed FS, so that applications can be submitted by servers (eg. Livy, Zeppelin) without needing all users' principals being on that machine.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mgaido Marco Gaido
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: