[
https://issues.apache.org/jira/browse/FLINK-27191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17521544#comment-17521544
]
Yuan Zhu commented on FLINK-27191:
----------------------------------
If user run a kerberos-disabled cluster and access to a kerberos-enabled hive.
Then TM login by HadoopModule#install ->[invoke
loginUserFromSubject|https://github.com/apache/flink/blob/ba027b6b1a956b425ff14ed8b55c6aeef3e565c8/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L114]
->UGI#
[loginUserFromSubject|https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L717]
.
Here loginUser.spawnAutoRenewalThreadForUserCreds() will spawn a renewal thread
if [authenticationMethod
|https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L310]modified
by the thread accessing hive , because UGI need setConfiguration before login.
> Support multi kerberos-enabled Hive clusters
> ---------------------------------------------
>
> Key: FLINK-27191
> URL: https://issues.apache.org/jira/browse/FLINK-27191
> Project: Flink
> Issue Type: Improvement
> Components: Connectors / Hive
> Reporter: luoyuxia
> Priority: Major
> Fix For: 1.16.0
>
>
> Currently, to access kerberos-enabled Hive cluster, users are expected to add
> key/secret in flink-conf. But it can only access one Hive cluster in one
> Flink cluster, we are also expected to support multi kerberos-enabled Hive
> clusters in one Flink cluster.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
