Hi Aniket! Thanks for also looking into the problem!
I think checking `getAuthenticationMethod` on the UGI subject is the way to go. At the moment I don’t think there’s a better “proper” solution for this. As explained in the JIRA, we simply should not be checking for Kerberos credentials for all kinds of authentication methods, just Kerberos. I’m currently doing some final tests on a MapR Sandbox with the bug fix PR, will open it very soon. Would be great if you could take a look at the proposed fix too (it’s basically following along the lines you mentioned here :-) ). Cheers, Gordon On March 14, 2017 at 6:10:43 AM, ani.desh1512 (ani.desh1...@gmail.com) wrote: So, I was able to circumvent this issue. This is in no way a permanent solution, but I thought I should let you (and anybody who encounters this problem in future) know some of my observations. What I fount out was that, 1. In Mapr's version of hadoop, they do the authentication inside initialize() method of UserGroupInformation.java. 2. So, we would not need to check for kerberos credentials in flink's deploy() method of AbstractYarnClusterDescriptor.java (atleast for MapR's Hadoop version). 3. Also, the authentication method returned by MapR (via getAuthenticationMethod()) is CUSTOM. 4. I added a check for authenticationMethod, so that flink will check for hasKerberosAuthentication() ONLY if the authentication method is Kerberos. 5. After doing this change, and building flink, I was able to confirm that indeed a user with appropriate MapR credentials was able to login without issues and an error was raised for an user without credentials. This is the desired behavior that we wanted. -- View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Flink-Yarn-and-MapR-Kerberos-issue-tp11996p12194.html Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
