Would be great if Zeppelin would launch user's Zeppelin interpreter processes under their own uid through setuid() call.
So then keytabs could be locked down to be accessible to that one user.
For example, after I LDAP-authenticated as "tagar" user, Zeppelin will drop down uid to tagar user and its keytab will have unix access bits set to 0600.
Another advantage is that for example, user's shell interpreter would find ~ to be correct user's home directory, not a shared service accounts' home directory.
Notice, that setuid() doesn't require Zeppelin to run as root user. It's only required to set CAP_SETUID Linux capability on the executable so Zeppelin server can change user's interpreter processes from Zeppelin's service account's uid to that specific user's uid.