Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-26595

Allow delegation token renewal without a keytab

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 3.0.0
    • Component/s: Spark Core
    • Labels:
      None

      Description

      Currently the delegation token renewal feature requires the user to provide Spark with a keytab.

      It would be nice for this to also be supported when the user doesn't have a keytab, as long as the user keeps a valid kerberos login. Spark has access to the user's credential cache in that case, and can keep tokens updated much like in the keytab case.

      It's not as automatic as with keytabs, but can help in some environments.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vanzin Marcelo Masiero Vanzin
                Reporter:
                vanzin Marcelo Masiero Vanzin
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: