Hello! There’s been a few discussions lately on how to improve the Kerberos support in Flink. I’ve drafted a design document that lays out a plan to support keytab-based authentication for HDFS, Kafka, and ZooKeeper. In addition, the plan contemplates secure, TLS-based communication between cluster components.
The main goals are secure data access for Kerberized connectors and cluster authentication to prevent unauthorized access to cluster secrets. Here is the document: https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing I anticipate filing a multitude of JIRAs following a design discussion. It is a big task and there will be opportunities for others in the community to help. Thanks, Eron Wright EMC
