[
https://issues.apache.org/jira/browse/SPARK-5158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15149309#comment-15149309
]
Henry Saputra edited comment on SPARK-5158 at 2/16/16 9:14 PM:
---------------------------------------------------------------
HI All, seemed like all PRs for this issue are closed.
This PR:
https://github.com/apache/spark/pull/265
is closed claiming there is a more recent PR is being work on, which I assume
is this one:
https://github.com/apache/spark/pull/4106
but this one is also closed due to inactivity.
Looking at the issues filed that are closed as duplicate for this one, there is
a need and interest to get standalone mode to access secured HDFS given the
active users keytab already available to the machines that run Spark.
was (Author: hsaputra):
All, the PR for this issues are closed.
This PR:
https://github.com/apache/spark/pull/265
is closed claiming there is a more recent PR is being work on, which I assume
is this one:
https://github.com/apache/spark/pull/4106
but this one is also closed due to inactivity.
Looking at the issues filed that are closed as duplicate for this one, there is
a need and interest to get standalone mode to access secured HDFS given the
active users keytab already available to the machines that run Spark.
> Allow for keytab-based HDFS security in Standalone mode
> -------------------------------------------------------
>
> Key: SPARK-5158
> URL: https://issues.apache.org/jira/browse/SPARK-5158
> Project: Spark
> Issue Type: New Feature
> Components: Spark Core
> Reporter: Patrick Wendell
> Assignee: Matthew Cheah
> Priority: Critical
>
> There have been a handful of patches for allowing access to Kerberized HDFS
> clusters in standalone mode. The main reason we haven't accepted these
> patches have been that they rely on insecure distribution of token files from
> the driver to the other components.
> As a simpler solution, I wonder if we should just provide a way to have the
> Spark driver and executors independently log in and acquire credentials using
> a keytab. This would work for users who have a dedicated, single-tenant,
> Spark clusters (i.e. they are willing to have a keytab on every machine
> running Spark for their application). It wouldn't address all possible
> deployment scenarios, but if it's simple I think it's worth considering.
> This would also work for Spark streaming jobs, which often run on dedicated
> hardware since they are long-running services.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
