spark-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Francke <lars.fran...@gmail.com>
Subject Re: Keytab, Proxy User & Principal
Date Mon, 09 Mar 2020 09:08:27 GMT
I just wanted to bump this to see if anyone has any opinions on this?

On Fri, Feb 28, 2020 at 3:20 PM Lars Francke <lars.francke@gmail.com> wrote:

> Hi,
>
> I understand that we forbid specifying "principal" & "proxy user" at the
> same time because the current logic would just stage the keytab and the
> proxy user could then use that to gain full access circumventing any
> security.
>
> But we have a use-case for Livy where a different semantic would be great:
> Livy is supposed to submit a job for other users. It does so by specifying
> "proxy user" and it relies on the local credential cache (outside of Java)
> to contain the proper tickets (it runs kinit in a background thread).
>
> This will only work if Livy runs in an environment where it's the only
> user working with that credentials cache. Unfortunately that's not always
> the case when multiple services share the same user.
>
> (One thing we'll try is to use the KRB5CCNAME environment variable to
> point to a different Credential Cache for Livy but I'm not sure yet if
> that's being passed on to the spawned Spark process)
>
> Can we not allow specifying a keytab and principal together with proxy
> user but those are only used for the initial login to submit the job and
> are not shipped to the cluster? This way jobs wouldn't need to rely on the
> operating system.
>
> Maybe I'm missing something as well?
>
> Cheers,
> Lars
>

Mime
View raw message