[
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402626#comment-15402626
]
ASF GitHub Bot commented on FLINK-3929:
---------------------------------------
Github user vijikarthi commented on the issue:
https://github.com/apache/flink/pull/2275
@mxm - Thanks for your feedback and here is my response to some of your
comments.
- Do we need to run all the Yarn tests normally and secured? We already
have problems with our test execution time. Perhaps we could have one dedicated
test for secure setups and disable the other ones by default to run them
manually if needed.
[Vijay] - Yes, it is not essential to run the secure test case all the time
as it consumes more cycles. Do you have any suggestion on controlling this
through some mvn/surefire plugin configuration?
- The testing code seems overly complicated using the custom JUnit Runner.
I think we could achieve the same with @BeforeClass and @AfterClass methods in
the secure IT cases.
[Vijay] - It is little overhead but works out well with minimal changes to
the code. We could revisit and make any changes if it creates any issues.
- There is no dedicated test for the SecurityContext and the
JaasConfiguration classes
[Vijay] - Yes, will add UT for those classes.
- It would be nice to add some documentation to the configuration web page.
[Vijay] - I believe you are referring to the
https://ci.apache.org/projects/flink/flink-docs-master/setup/config.html. If
so, yes it certainly helps and I will be happy to add the details but I don't
have access to edit the page.
- We should throw exceptions if the secure configuration is not complete
instead of falling back to non-authenticated execution for either Hadoop or the
Jaas configuration. Otherwise, users might end up with a partly secure
environment.
[Vijay] - Yes, will add the validation logic
> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
> Key: FLINK-3929
> URL: https://issues.apache.org/jira/browse/FLINK-3929
> Project: Flink
> Issue Type: New Feature
> Reporter: Eron Wright
> Assignee: Vijay Srinivasaraghavan
> Labels: kerberos, security
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
> design doc._
> Add support for a keytab credential to be associated with the Flink cluster,
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
