[
https://issues.apache.org/jira/browse/SPARK-13478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16657029#comment-16657029
]
Marcelo Vanzin commented on SPARK-13478:
----------------------------------------
If you have a principal and a keytab you don't need a proxy user. Just use the
principal and the keytab.
If the principal you're using is not the principal you want the app to run as,
then you can't give the app the principal's keytab. Otherwise the other user
will have access to it, and that's a security problem.
> Fetching delegation tokens for Hive fails when using proxy users
> ----------------------------------------------------------------
>
> Key: SPARK-13478
> URL: https://issues.apache.org/jira/browse/SPARK-13478
> Project: Spark
> Issue Type: Bug
> Components: YARN
> Affects Versions: 1.6.0, 2.0.0
> Reporter: Marcelo Vanzin
> Assignee: Marcelo Vanzin
> Priority: Minor
> Fix For: 1.6.4, 2.0.0
>
>
> If you use spark-submit's proxy user support, the code that fetches
> delegation tokens for the Hive Metastore fails. It seems like the Hive
> library tries to connect to the Metastore as the proxy user, and it doesn't
> have a Kerberos TGT for that user, so it fails.
> I don't know whether the same issue exists in the HBase code, but I'll make a
> similar change so that both behave similarly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
