[jira] [Commented] (SPARK-27742) Security Support in Sources and Sinks for SS and Batch

Thu, 30 May 2019 06:47:49 -0700 


    [ 
https://issues.apache.org/jira/browse/SPARK-27742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16851883#comment-16851883
 ] 

Gabor Somogyi commented on SPARK-27742:
---------------------------------------

{quote}what happens with Kafka delegation tokens after max life time.
{quote}
If you take a look at the code new token will be obtained at "expiryTimestamp * 
0.75". I don't think maxLifeTimeMs and renewal has to be implemented because 
the code will be significantly complicated but the end result would be the same 
from user perspective.
{quote}no option for setting the max life time at least, it defaults to 
maxLifeTimeMs = -1L
{quote}
>From client side the max lifetime can be only decreased for security reasons + 
>see my previous point.
{quote}CreateDelegationTokenOptions also allows you to pass a principal.
{quote}
That list is who can renew the tokens. There is no possibility to obtain token 
for anybody else (pls see the comment in the code).


> Security Support in Sources and Sinks for SS and Batch
> ------------------------------------------------------
>
>                 Key: SPARK-27742
>                 URL: https://issues.apache.org/jira/browse/SPARK-27742
>             Project: Spark
>          Issue Type: Brainstorming
>          Components: SQL, Structured Streaming
>    Affects Versions: 3.0.0
>            Reporter: Stavros Kontopoulos
>            Priority: Major
>
> As discussed with [~erikerlandson] on the [Big Data on K8s 
> UG|https://docs.google.com/document/d/1pnF38NF6N5eM8DlK088XUW85Vms4V2uTsGZvSp8MNIA]
>  it would be good to capture current status and identify work that needs to 
> be done for securing Spark when accessing sources and sinks. For example what 
> is the status of SSL, Kerberos support in different scenarios. The big 
> concern nowadays is how to secure data pipelines end-to-end. 
> Note: Not sure if this overlaps with some other ticket. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to