Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.1.0
-
None
-
None
Description
As of now, application submitted with proxy-user fail after 2 week due to the lack of token renewal. In order to enable it, we need the the keytab/principal of the impersonated user to be specified, in order to have them available for the token renewal.
This JIRA proposes to add two parameters -proxy-user-principal and -proxy-user-keytab, and the last letting a keytab being specified also in a distributed FS, so that applications can be submitted by servers (eg. Livy, Zeppelin) without needing all users' principals being on that machine.