Hi, I believe that accessing a Kerberos-secured HBase only works from a kerberized YARN, because you need the key tab shipping. But I’m not 100 % sure.
Best, Aljoscha > On 4. Dec 2019, at 07:41, venn <wxchunj...@163.com> wrote: > > Hi Guys: > I wonder about, it is work that flink on yarn deploy on no > authentication Hadoop cluster, access hbase deploy on Kerberos authentication > Hadoop cluster? If work, what I need to do. I already config flink-conf-yaml > properties “security.kerberos.login.keytab” and > “security.kerberos.login.principal”. > > > And i found the next paragraph in flink official website : > https://ci.apache.org/projects/flink/flink-docs-release-1.9/ops/security-kerberos.html > > > Hadoop Security Module > > This module uses the Hadoop UserGroupInformation (UGI) class to establish a > process-wide login user context. The login user is then used for all > interactions with Hadoop, including HDFS, HBase, and YARN. > > If Hadoop security is enabled (in core-site.xml), the login user will have > whatever Kerberos credential is configured. Otherwise, the login user conveys > only the user identity of the OS account that launched the cluster. > > > > > Thanks a lot !
