[ https://issues.apache.org/jira/browse/SPARK-16742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15963592#comment-15963592 ]
Marcelo Vanzin commented on SPARK-16742: ---------------------------------------- bq. It authenticates the Mesos principal, and this principal is allowed to launch processes only as certain Linux users. It's up the cluster admin to setup this mapping appropriately. Ok, that sounds similar then. Basically, you *can* set up Mesos so that it can do this securely, which was my initial question. (Being able to set things up in an insecure way is not actually that interesting; I just wanted to make sure there *is* a way to set things up securely.) So, assuming that Mesos is configured properly, then it should be OK for Spark code to distribute user credentials. bq. I actually said a "user might not be kinit'd". They may, however, have access to the keytab. That sounds like you might need the current code that distributes keytabs and logs in the cluster to make even client mode work in this setup. > Kerberos support for Spark on Mesos > ----------------------------------- > > Key: SPARK-16742 > URL: https://issues.apache.org/jira/browse/SPARK-16742 > Project: Spark > Issue Type: New Feature > Components: Mesos > Reporter: Michael Gummelt > > We at Mesosphere have written Kerberos support for Spark on Mesos. We'll be > contributing it to Apache Spark soon. > Mesosphere design doc: > https://docs.google.com/document/d/1xyzICg7SIaugCEcB4w1vBWp24UDkyJ1Pyt2jtnREFqc/edit#heading=h.tdnq7wilqrj6 > Mesosphere code: > https://github.com/mesosphere/spark/commit/73ba2ab8d97510d5475ef9a48c673ce34f7173fa -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org