flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential
Date Sun, 28 Aug 2016 20:14:20 GMT

    [ https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15444044#comment-15444044
] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user vijikarthi commented on the issue:

    https://github.com/apache/flink/pull/2275
  
    > 
    YARNSessionFIFOSecuredITCase gives me the following:
    17:49:58,097 INFO SecurityLogger.org.apache.hadoop.ipc.Server - Auth successful for appattempt_1471880990715_0001_000001
(auth:SIMPLE)
    It is not using Kerberos it seems. We should check that security is really enabled and
fail the test if not.
    
    @mxm I am not sure why the log statements from IPC layers are using auth:SIMPLE but I
have verified the same messages (NM/RM logs) on a running HDP (secure) cluster too. I would
imagine this is the default implementation and we can ignore those messages. However, while
investigating this issue, I have found an interesting problem with YarnMiniCluster. The containers
created does not have the Yarn Configuration that we pass through the test code. The KRB5
file is also not visible and hence the UGI/security context that we create was missing proper
Hadoop configurations. I have fixed the issue and patched it.
    
    I have also disabled the RollingSinkSecure IT test case since secure MiniFS cluster requires
privileged ports. We can enable the test case when the patch (HDFS-9213) is made in to main
stream.
    
    Please take a look and let me know if you can deploy and run the code.


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
design doc._
> Add support for a keytab credential to be associated with the Flink cluster, to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message