[
https://issues.apache.org/jira/browse/SPARK-12646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091317#comment-15091317
]
Marcelo Vanzin commented on SPARK-12646:
----------------------------------------
I don't understand why you need this.
Hadoop needs it because when you bring up a large number of, for example,
DataNodes or NameNodes, each one needs a different kerberos principal; so
Hadoop uses {{principal/host@REALM}} to achieve that. To make configuration
easier, they added support for the {{_HOST}} replacement so that you can
distribute the same config file on all hosts, and each one would replace
{{_HOST}} with its own hostname to create a unique kerberos principal.
Spark's case is completely different. Here it's the user's principal and
keytab; they user running the application. The probability of a user needing
any of the above is close to zero.
Do you have a use case for this that you have not explained? Or do you just
want to copy a feature from Hadoop that doesn't really make a lot of sense in
Spark?
> Support _HOST in kerberos principal for connecting to secure cluster
> --------------------------------------------------------------------
>
> Key: SPARK-12646
> URL: https://issues.apache.org/jira/browse/SPARK-12646
> Project: Spark
> Issue Type: Improvement
> Components: YARN
> Reporter: Hari Krishna Dara
> Priority: Minor
> Labels: security
>
> Hadoop supports _HOST as a token that is dynamically replaced with the actual
> hostname at the time the kerberos authentication is done. This is supported
> in many hadoop stacks including YARN. When configuring Spark to connect to
> secure cluster (e.g., yarn-cluster or yarn-client as master), it would be
> natural to extend support for this token to Spark as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
