[
https://issues.apache.org/jira/browse/SPARK-16742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15963592#comment-15963592
]
Marcelo Vanzin commented on SPARK-16742:
----------------------------------------
bq. It authenticates the Mesos principal, and this principal is allowed to
launch processes only as certain Linux users. It's up the cluster admin to
setup this mapping appropriately.
Ok, that sounds similar then. Basically, you *can* set up Mesos so that it can
do this securely, which was my initial question. (Being able to set things up
in an insecure way is not actually that interesting; I just wanted to make sure
there *is* a way to set things up securely.)
So, assuming that Mesos is configured properly, then it should be OK for Spark
code to distribute user credentials.
bq. I actually said a "user might not be kinit'd". They may, however, have
access to the keytab.
That sounds like you might need the current code that distributes keytabs and
logs in the cluster to make even client mode work in this setup.
> Kerberos support for Spark on Mesos
> -----------------------------------
>
> Key: SPARK-16742
> URL: https://issues.apache.org/jira/browse/SPARK-16742
> Project: Spark
> Issue Type: New Feature
> Components: Mesos
> Reporter: Michael Gummelt
>
> We at Mesosphere have written Kerberos support for Spark on Mesos. We'll be
> contributing it to Apache Spark soon.
> Mesosphere design doc:
> https://docs.google.com/document/d/1xyzICg7SIaugCEcB4w1vBWp24UDkyJ1Pyt2jtnREFqc/edit#heading=h.tdnq7wilqrj6
> Mesosphere code:
> https://github.com/mesosphere/spark/commit/73ba2ab8d97510d5475ef9a48c673ce34f7173fa
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
