[ https://issues.apache.org/jira/browse/SPARK-12646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091317#comment-15091317 ]
Marcelo Vanzin commented on SPARK-12646: ---------------------------------------- I don't understand why you need this. Hadoop needs it because when you bring up a large number of, for example, DataNodes or NameNodes, each one needs a different kerberos principal; so Hadoop uses {{principal/host@REALM}} to achieve that. To make configuration easier, they added support for the {{_HOST}} replacement so that you can distribute the same config file on all hosts, and each one would replace {{_HOST}} with its own hostname to create a unique kerberos principal. Spark's case is completely different. Here it's the user's principal and keytab; they user running the application. The probability of a user needing any of the above is close to zero. Do you have a use case for this that you have not explained? Or do you just want to copy a feature from Hadoop that doesn't really make a lot of sense in Spark? > Support _HOST in kerberos principal for connecting to secure cluster > -------------------------------------------------------------------- > > Key: SPARK-12646 > URL: https://issues.apache.org/jira/browse/SPARK-12646 > Project: Spark > Issue Type: Improvement > Components: YARN > Reporter: Hari Krishna Dara > Priority: Minor > Labels: security > > Hadoop supports _HOST as a token that is dynamically replaced with the actual > hostname at the time the kerberos authentication is done. This is supported > in many hadoop stacks including YARN. When configuring Spark to connect to > secure cluster (e.g., yarn-cluster or yarn-client as master), it would be > natural to extend support for this token to Spark as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org