User specific keytab on Spark Executor

asked 2018-07-05 08:01:16 -0500

GeKas

Hello, I am trying to use Spark Executor to submit a job in a Kerberized YARN cluster. When defining the keytab and principal, the SDC will try to read it from the local filesystem as user sdc. That means that I have to grant read permissions to user "sdc" on the "user.keytab" file. On an SDC that is to be used by multiple users, this is a security issue, as a fraudulent user can define the same keytab. I have tried to define the keytab location on HDFS (since SDC can impersonate the user), so if HDFS permissions are correct, you have some security, but the Spark Executor cannot read it. Am I doing something wrong? Can a user (somehow) upload his personal keytab to SDC (similar approach to CDS workbench), or define it to pull it from HDFS?

Thanks in advance
