Hi, Nick, >From my understanding, if you configure the "security.kerberos.login.keytab", Flink will add the AppConfigurationEntry of this keytab to all the apps defined in "security.kerberos.login.contexts". If you define "java.security.auth.login.config" at the same time, Flink will also keep the configuration in it. For more details, see [1][2].
If you want to use this keytab to interact with HDFS, HBase and Yarn, you need to set "security.kerberos.login.contexts". See [3][4]. [1] https://ci.apache.org/projects/flink/flink-docs-master/ops/security-kerberos.html#jaas-security-module [2] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/JaasModule.java [3] https://ci.apache.org/projects/flink/flink-docs-master/ops/security-kerberos.html#hadoop-security-module [4] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java Best, Yangze Guo On Thu, May 21, 2020 at 11:06 PM Nick Bendtner <buggi...@gmail.com> wrote: > > Hi guys, > Is there any difference in providing kerberos config to the flink jvm using > this method in the flink configuration? > > env.java.opts: -Dconfig.resource=qa.conf > -Djava.library.path=/usr/mware/flink-1.7.2/simpleapi/lib/ > -Djava.security.auth.login.config=/usr/mware/flink-1.7.2/Jaas/kafka-jaas.conf > -Djava.security.krb5.conf=/usr/mware/flink-1.7.2/Jaas/krb5.conf > > Is there any difference in doing it this way vs providing it from > security.kerberos.login.keytab . > > Best, > > Nick.
