flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential
Date Tue, 02 Aug 2016 13:11:20 GMT

    [ https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15403938#comment-15403938
] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user mxm commented on the issue:

    https://github.com/apache/flink/pull/2275
  
    > Yes, it is not essential to run the secure test case all the time as it consumes
more cycles. Do you have any suggestion on controlling this through some mvn/surefire plugin
configuration?
    
    I would suggest that we keep three integration test classes for testing security:
    1. Kafka (with Zookeeper)
    2. HDFS
    3. Yarn
    
    In addition, we need a unit test to verify that the security context is correctly set
up. I think we're covered then and don't need any more tests. After all, tests that are disabled
by default and we almost never run are not very useful.
    
    >It is little overhead but works out well with minimal changes to the code. We could
revisit and make any changes if it creates any issues.
    
    I would really like to move all security testing code to a utility class and call this
code through `@AfterClass` and `@BeforeClass` methods. If that is fine with you. This is simpler
and easier to understand than the custom runner implementation.
    
    >I believe you are referring to the https://ci.apache.org/projects/flink/flink-docs-master/setup/config.html.
If so, yes it certainly helps and I will be happy to add the details but I don't have access
to edit the page.
    
    You can actually change this page in the repository at [/docs/setup/config.md](/apache/flink/blob/master/docs/setup/config.md).
    
    Concerning `SASL_PLAINTEXT`: I suppose we're making an effort to encrypt the authentication
channel in the changes according to the security document? For now this seems fine.


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
design doc._
> Add support for a keytab credential to be associated with the Flink cluster, to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message