Hi G, Thanks for taking this challenge on. Scalable Kerberos authentication support is important for Flink, delegation tokens is a great mechanism to future-proof this. I second your assessment that the existing implementation could use some improvement too and like the approach you have outlined. It is crucial that the changes are self-contained and will not affect users that do not use Kerberos, while are minimal for the ones who do (configuration values change, but the defaults just keep working in most cases).
Thanks, Marton On Tue, Jan 11, 2022 at 2:59 PM Gabor Somogyi <gabor.g.somo...@gmail.com> wrote: > Hi All, > > Hope all of you have enjoyed the holiday season. > > I would like to start the discussion on FLIP-211 > < > https://cwiki.apache.org/confluence/display/FLINK/FLIP-211%3A+Kerberos+delegation+token+framework > > > which > aims to provide a > Kerberos delegation token framework that /obtains/renews/distributes tokens > out-of-the-box. > > Please be aware that the FLIP wiki area is not fully done since the > discussion may > change the feature in major ways. The proposal can be found in a google doc > here > < > https://docs.google.com/document/d/1JzMbQ1pCJsLVz8yHrCxroYMRP2GwGwvacLrGyaIx5Yc/edit?fbclid=IwAR0vfeJvAbEUSzHQAAJfnWTaX46L6o7LyXhMfBUCcPrNi-uXNgoOaI8PMDQ > > > . > As the community agrees on the approach the content will be moved to the > wiki page. > > Feel free to add your thoughts to make this feature better! > > BR, > G >
