[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DISCUSS] Flink Kerberos Improvement

Hi All,

We have been experimenting integration of Kerberos with Flink in our Corp
environment and found out some limitations on the current Flink-Kerberos
security mechanism running with Apache YARN.

Based on the Hadoop Kerberos security guide [1]. Apparently there are only
a subset of the suggested long-running service security mechanism is
supported in Flink. Furthermore, the current model does not work well with
superuser impersonating actual users [2] for deployment purposes, which is
a widely adopted way to launch application in corp environments.

We would like to propose an improvement [3] to introduce the other comment
methods [1] for securing long-running application on YARN and enable
impersonation mode. Any comments and suggestions are highly appreciated.

Many thanks,