[jira] [Commented] (FLINK-3929) Support for Kerberos Authentication with Keytab Credential

Tue, 02 Aug 2016 07:04:23 -0700 

    [ 
https://issues.apache.org/jira/browse/FLINK-3929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15404003#comment-15404003
 ] 

ASF GitHub Bot commented on FLINK-3929:
---------------------------------------

Github user mxm commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2275#discussion_r73159225
  
    --- Diff: 
flink-core/src/main/java/org/apache/flink/configuration/ConfigConstants.java ---
    @@ -1016,6 +1016,23 @@
        /** The environment variable name which contains the location of the 
lib folder */
        public static final String ENV_FLINK_LIB_DIR = "FLINK_LIB_DIR";
     
    +   // -------------------------------- Security 
-------------------------------
    +
    +   /**
    +    * The config parameter defining security credentials required
    +    * for securing Flink cluster.
    +    */
    +
    +   /** Keytab file key name to be used in flink configuration file */
    +   public static final String SECURITY_KEYTAB_KEY = "security.keytab";
    +
    +   /** Kerberos security principal key name to be used in flink 
configuration file */
    +   public static final String SECURITY_PRINCIPAL_KEY = 
"security.principal";
    +
    +   /** Keytab file name populated in YARN container */
    +   public static final String KEYTAB_FILE_NAME = "krb5.keytab";
    --- End diff --
    
    My point is that this class is declared `@Public` and we will have to stick 
with this config key name. It could also reside in the `flink-yarn` module 
because it doesn't have to be exposed to the user.


> Support for Kerberos Authentication with Keytab Credential
> ----------------------------------------------------------
>
>                 Key: FLINK-3929
>                 URL: https://issues.apache.org/jira/browse/FLINK-3929
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: kerberos, security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Add support for a keytab credential to be associated with the Flink cluster, 
> to facilitate:
> - Kerberos-authenticated data access for connectors
> - Kerberos-authenticated ZooKeeper access
> Support both the standalone and YARN deployment modes.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to