Security configuration in Spark
Spark currently supports two methods of authentication:
- Kerberos
- Shared Secret
Kerberos authentication
It is recommended to use Kerberos authentication when using Spark on YARN.
A Kerberos Principal is used in a Kerborized system to represent a unique identity. Kerberos can assign tickets to these identities, which helps them identify themselves while accessing Hadoop clusters secured by Kerberos. While the principals can generally have an arbitrary number of components, in Hadoop the principals are of the following format: username/[email protected]
. Your user name here can refer to an existing account like HDFS, Mapred, or Spark.
You will need to follow the following steps:
Creation of the Spark
Principal and Keytab
file - You will need to create a Spark Principal and the Spark keytab
file using the following commands:
Tip
FQDN is your Full Qualified Domain Name
- Creating the Principal:
kadmin: addprinc -randkey spark/[email protected]
- Creating the Keytab file...