[ https://issues.apache.org/jira/browse/SAMZA-727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15180430#comment-15180430 ]

Yi Pan (Data Infrastructure) commented on SAMZA-727:
----------------------------------------------------

[~capricornius], could you clarify what you meant by "original RM token"? Based
on [~steve_l]'s webcast session, it seems that there are only: a) the HDFS
delegation token the job runner should acquire from the NameNode and pass to the RM
in the launch context; b) the AM/RM token that the RM issues to the AM. And w/ the keytab located
by the AM, the AM/RM token can be refreshed. The only thing that seems not to be
renewable is the HDFS delegation token that the job runner included in the launch
context when submitting the job to the RM. Is that what you referred to?

However, I wonder, if the keytab is available to the AM, couldn't the AM also use the
keytab to obtain a ticket from the Kerberos Domain Controller and get a new HDFS
delegation ticket from the NameNode as well?

It would be helpful if we could document the ticket/token acquisition/renewal
process against what [~steve_l] said about the YARN application authentication
procedure w/ Kerberos.

> Support for Kerberos
> --------------------
>
> Key: SAMZA-727
> URL: https://issues.apache.org/jira/browse/SAMZA-727
> Project: Samza
> Issue Type: New Feature
> Components: yarn
> Affects Versions: 0.9.0
> Environment: YARN with Kerberos
> Reporter: Qi FU
> Assignee: Chen Song
> Fix For: 0.10.1
>
> Attachments: SAMZA-727.patch
>
>
> Samza doesn't support Kerberos, which is very common for YARN clusters.