Hi Sarthak, 

Happy to help. Could you please share the jobmanager/taskmanager log and flink conf again? 

Also, Flink 1.4.0 has a regression on kerberos security (keytab path in TaskManager is set incorrectly) , which is fixed on 1.4.1. (see https://issues.apache.org/jira/browse/FLINK-8275)

Shuyi

On Mon, Mar 26, 2018 at 2:35 AM, Timo Walther <[hidden email]> wrote:

Hi Sarthak,

I'm not a Kerberos expert but maybe Eron or Shuyi are more familiar with the details?

Would be great if somebody could help.

Thanks,
Timo

Am 22.03.18 um 10:16 schrieb Sahu, Sarthak 1. (Nokia - IN/Bangalore):

Hi Folks,

 

  Environment Setup:

1. I have configured KDC 5 server.
2. Configured Kerberos in zookeeper-3.4.10 wherein I can able to connect ZooKeeper Server/Client via Kerberos authentication.
3. Now flink-1.4.0 has configured for Kerberos authentication as per below instruction.

• https://ci.apache.org/projects/flink/flink-docs-release-1.4/ops/config.html#kerberos-based-security
• https://ci.apache.org/projects/flink/flink-docs-release-1.4/ops/config.html#kerberos-based-security-1

  Success Scenario:

1. All Kerberos configuration parameter is correct and flink/zookeeper able to connect trough TGT.

 Problem:

1. Even if wrong Kerberos credentials given, flink able to connect ZooKeeper.

 

Please find the taskmanager/jobmanger logs and flink config file for both scenario attached.

 

Hoping for quick resolution.

 

Regards

Sarthak Sahu

 

--

"So you have to trust that the dots will somehow connect in your future."