Github user felixcheung commented on the issue:
https://github.com/apache/zeppelin/pull/1163
I think getting impersonation is an important next step that could come
after.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/1163
CI fail is unrelated, which fails for Build #6048.2 with `No output has
been received in the last 10 minutes, this potentially indicates a stalled
build or something wrong with the build
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/1163
@prabhjyotsingh Thanks for clarification.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/1163
Sorry, I mistake it as hdfs interpreter. For shell interpreter, do we must
have kerberos support ? I think here kinit is just for the hadoop command, so
actually it is for running hdfs command in
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/1163
agree with @felixcheung, use the zeppelin service keytab/principal might
bring some other potential security problems. I think user A would expect to
run shell script as himself, but actually it
Github user rconline commented on the issue:
https://github.com/apache/zeppelin/pull/1163
@felixcheung as of now the interpreters are reusing zeppelin keytab.
Typically this is case in the hadoop security world, where the keytab is
generated at a process level, whereas the
Github user rconline commented on the issue:
https://github.com/apache/zeppelin/pull/1163
@jongyoul here are some reference - http://linux.die.net/man/1/kinit &
http://www.tutorialspoint.com/unix_commands/kinit.htm
---
If your project is set up for it, you can reply to this email
Github user rconline commented on the issue:
https://github.com/apache/zeppelin/pull/1163
@felixcheung over a period of time, each interpreter will start to have
their own Keytab's. I think we should have separate keytabs for different
interpreters. We will ofcourse have to invest on
Github user felixcheung commented on the issue:
https://github.com/apache/zeppelin/pull/1163
If each interpreter has a separate settings for Kerberos, eg.
shell.keytab.location, would it be harder to manage?
---
If your project is set up for it, you can reply to this email and have
