[ https://issues.apache.org/jira/browse/SPARK-25732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16651827#comment-16651827 ]
Thomas Graves commented on SPARK-25732: --------------------------------------- yeah I understand the concern, we don't want to confuse user if we can help it. The 2 command above are the same except the --proxy-user and in my opinion, I don't think it would be confusing to the user, you pass in the keytab and principal for the user who's credentials you want refreshed, in this case its user "a" in both cases. Seems like making sure docs are clear should make it clear to the users. I assume most users submitting via livy don't realize they are using livy and being launched as proxy-user. So user would just specify keytab/principal configs based on their own user. > Allow specifying a keytab/principal for proxy user for token renewal > --------------------------------------------------------------------- > > Key: SPARK-25732 > URL: https://issues.apache.org/jira/browse/SPARK-25732 > Project: Spark > Issue Type: Improvement > Components: Deploy > Affects Versions: 2.4.0 > Reporter: Marco Gaido > Priority: Major > > As of now, application submitted with proxy-user fail after 2 week due to the > lack of token renewal. In order to enable it, we need the the > keytab/principal of the impersonated user to be specified, in order to have > them available for the token renewal. > This JIRA proposes to add two parameters {{--proxy-user-principal}} and > {{--proxy-user-keytab}}, and the last letting a keytab being specified also > in a distributed FS, so that applications can be submitted by servers (eg. > Livy, Zeppelin) without needing all users' principals being on that machine. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org