[
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15403938#comment-15403938
]
ASF GitHub Bot commented on FLINK-3929:
---------------------------------------
Github user mxm commented on the issue:
https://github.com/apache/flink/pull/2275
> Yes, it is not essential to run the secure test case all the time as it
consumes more cycles. Do you have any suggestion on controlling this through
some mvn/surefire plugin configuration?
I would suggest that we keep three integration test classes for testing
security:
1. Kafka (with Zookeeper)
2. HDFS
3. Yarn
In addition, we need a unit test to verify that the security context is
correctly set up. I think we're covered then and don't need any more tests.
After all, tests that are disabled by default and we almost never run are not
very useful.
>It is little overhead but works out well with minimal changes to the code.
We could revisit and make any changes if it creates any issues.
I would really like to move all security testing code to a utility class
and call this code through `@AfterClass` and `@BeforeClass` methods. If that is
fine with you. This is simpler and easier to understand than the custom runner
implementation.
>I believe you are referring to the
https://ci.apache.org/projects/flink/flink-docs-master/setup/config.html. If
so, yes it certainly helps and I will be happy to add the details but I don't
have access to edit the page.
You can actually change this page in the repository at
[/docs/setup/config.md](/apache/flink/blob/master/docs/setup/config.md).
Concerning `SASL_PLAINTEXT`: I suppose we're making an effort to encrypt
the authentication channel in the changes according to the security document?
For now this seems fine.
> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
> Key: FLINK-3929
> URL: https://issues.apache.org/jira/browse/FLINK-3929
> Project: Flink
> Issue Type: New Feature
> Reporter: Eron Wright
> Assignee: Vijay Srinivasaraghavan
> Labels: kerberos, security
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
> design doc._
> Add support for a keytab credential to be associated with the Flink cluster,
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
