Details
-
Sub-task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
In the kerberized environment, all the interpreter use the same keytab/principal, this is pretty dangerous. E.g. User A can use shell interpreter which run as user B to delete all the files owned by user B.
Although some interpreter has implement its kerbosed usage, I just feel we might need to make a general impersonation framework for all the interpreter (If not possible for all interpreter, but at least this framework should cover most of the interpreter).
Attachments
Issue Links
- is related to
-
ZEPPELIN-1320 Run zeppelin interpreter process as web front end user
- Resolved
-
ZEPPELIN-1730 impersonate spark interpreter using --proxy-user
- Resolved