flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential
Date Wed, 27 Jul 2016 15:28:20 GMT

    [ https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15395843#comment-15395843

ASF GitHub Bot commented on FLINK-3929:

Github user mxm commented on the issue:

    I've passed through your changes. Great work! Thanks a lot for the documentation, it was
very helpful. Please don't be scared by all the comments, most of them are minor. The most
important points:
    - Do we need to run all the Yarn tests normally and secured? We already have problems
with our test execution time. Perhaps we could have one dedicated test for secure setups and
disable the other ones by default to run them manually if needed.
    - The testing code seems overly complicated using the custom JUnit Runner. I think we
could achieve the same with `@BeforeClass` and `@AfterClass` methods in the secure IT cases.

    - There is no dedicated test for the `SecurityContext` and the `JaasConfiguration` classes
    - It would be nice to add some documentation to the configuration web page.
    - We should throw exceptions if the secure configuration is not complete instead of falling
back to non-authenticated execution for either Hadoop or the Jaas configuration. Otherwise,
users might end up with a partly secure environment.

> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
> _This issue is part of a series of improvements detailed in the [Secure Data Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
design doc._
> Add support for a keytab credential to be associated with the Flink cluster, to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.

This message was sent by Atlassian JIRA

View raw message