[jira] [Created] (FLINK-5949) Flink on YARN checks for Kerberos credentials for non-Kerberos authentication methods

Tzu-Li (Gordon) Tai (JIRA) Wed, 01 Mar 2017 22:16:38 -0800

Tzu-Li (Gordon) Tai created FLINK-5949:
------------------------------------------


             Summary: Flink on YARN checks for Kerberos credentials for 
non-Kerberos authentication methods
                 Key: FLINK-5949
                 URL: https://issues.apache.org/jira/browse/FLINK-5949
             Project: Flink
          Issue Type: Bug
          Components: Security
    Affects Versions: 1.2.0
            Reporter: Tzu-Li (Gordon) Tai
            Priority: Critical


Reported in ML: 
http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Flink-Yarn-and-MapR-Kerberos-issue-td11996.html

The problem is that the Flink on YARN client incorrectly assumes 
{{UserGroupInformation.isSecurityEnabled()}} returns {{true}} only for Kerberos 
authentication modes, whereas it actually returns {{true}} for other kinds of 
authentications too.

We should use {{UserGroupInformation.getAuthenticationMethod()}} to check for 
{{KERBEROS}} only.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Created] (FLINK-5949) Flink on YARN checks for Kerberos credentials for non-Kerberos authentication methods

Reply via email to