Hi G,

Thanks for starting the discussion. I think this is an important improvement for Flink. The proposal looks good to me. And I focus on one point.
1. Hope that keeping consistent with the current implementation, we rely on the config of 'security.kerberos.fetch.delegation-token' to submit Flink Batch Action in Oozie. More details could be found in FLINK-21700.

Looking forward to your implementations.

Best,
JunFan

On Jan 12, 2022, 4:03 AM +0800, Márton Balassi <balassi.mar...@gmail.com>, wrote:
> Hi G,
>
> Thanks for taking this challenge on. Scalable Kerberos authentication
> support is important for Flink, delegation tokens are a great mechanism to
> future-proof this. I second your assessment that the existing
> implementation could use some improvement too and like the approach you
> have outlined. It is crucial that the changes are self-contained and will
> not affect users that do not use Kerberos, while are minimal for the ones
> who do (configuration values change, but the defaults just keep working in
> most cases).
>
> Thanks,
> Marton
>
> On Tue, Jan 11, 2022 at 2:59 PM Gabor Somogyi <gabor.g.somo...@gmail.com>
> wrote:
>
> > Hi All,
> >
> > Hope all of you have enjoyed the holiday season.
> >
> > I would like to start the discussion on FLIP-211
> > <https://cwiki.apache.org/confluence/display/FLINK/FLIP-211%3A+Kerberos+delegation+token+framework>
> > which aims to provide a
> > Kerberos delegation token framework that /obtains/renews/distributes tokens
> > out-of-the-box.
> >
> > Please be aware that the FLIP wiki area is not fully done since the
> > discussion may
> > change the feature in major ways. The proposal can be found in a google doc
> > here
> > <https://docs.google.com/document/d/1JzMbQ1pCJsLVz8yHrCxroYMRP2GwGwvacLrGyaIx5Yc/edit?fbclid=IwAR0vfeJvAbEUSzHQAAJfnWTaX46L6o7LyXhMfBUCcPrNi-uXNgoOaI8PMDQ>
> > .
> > As the community agrees on the approach the content will be moved to the
> > wiki page.
> >
> > Feel free to add your thoughts to make this feature better!
> >
> > BR,
> > G