Hi,
I believe that accessing a Kerberos-secured HBase only works from a kerberized YARN, because you need the key tab shipping. But I’m not 100 % sure.
Best,
Aljoscha
> On 4. Dec 2019, at 07:41, venn <
[hidden email]> wrote:
>
> Hi Guys:
> I wonder about, it is work that flink on yarn deploy on no authentication Hadoop cluster, access hbase deploy on Kerberos authentication Hadoop cluster? If work, what I need to do. I already config flink-conf-yaml properties “security.kerberos.login.keytab” and “security.kerberos.login.principal”.
>
>
> And i found the next paragraph in flink official website :
https://ci.apache.org/projects/flink/flink-docs-release-1.9/ops/security-kerberos.html
>
> Hadoop Security Module
>
> This module uses the Hadoop UserGroupInformation (UGI) class to establish a process-wide login user context. The login user is then used for all interactions with Hadoop, including HDFS, HBase, and YARN.
>
> If Hadoop security is enabled (in core-site.xml), the login user will have whatever Kerberos credential is configured. Otherwise, the login user conveys only the user identity of the OS account that launched the cluster.
>
>
>
>
> Thanks a lot !
Locked
