[ https://issues.apache.org/jira/browse/FLINK-27191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17521544#comment-17521544 ]
Yuan Zhu commented on FLINK-27191: ---------------------------------- If user run a kerberos-disabled cluster and access to a kerberos-enabled hive. Then TM login by HadoopModule#install ->[invoke loginUserFromSubject|https://github.com/apache/flink/blob/ba027b6b1a956b425ff14ed8b55c6aeef3e565c8/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L114] ->UGI# [loginUserFromSubject|https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L717] . Here loginUser.spawnAutoRenewalThreadForUserCreds() will spawn a renewal thread if [authenticationMethod |https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L310]modified by the thread accessing hive , because UGI need setConfiguration before login. > Support multi kerberos-enabled Hive clusters > --------------------------------------------- > > Key: FLINK-27191 > URL: https://issues.apache.org/jira/browse/FLINK-27191 > Project: Flink > Issue Type: Improvement > Components: Connectors / Hive > Reporter: luoyuxia > Priority: Major > Fix For: 1.16.0 > > > Currently, to access kerberos-enabled Hive cluster, users are expected to add > key/secret in flink-conf. But it can only access one Hive cluster in one > Flink cluster, we are also expected to support multi kerberos-enabled Hive > clusters in one Flink cluster. -- This message was sent by Atlassian Jira (v8.20.1#820001)