pan3793 commented on PR #13187: URL: https://github.com/apache/iceberg/pull/13187#issuecomment-2962648826
@gaborgsomogyi TGT is quite a useful way to simplify keytab management, we heavliy use TGT with `spark-submit --proxy-user xxx` to run Spark jobs, most of them completed in the DT lifetime so no renewal is required, for long running jobs, we have external service[1] to refresh DT and use custom RPC to send the DT to driver. I know you wrote the Spark Kafka data source DT provider, I'm not sure how many differences between Keytab and DT Kerberos authN for Kafka, but there are not many differences for Hive, what we need to do here is just follow the Spark's built-in HiveDelegationTokenProvider behavior, right? [1] https://github.com/apache/kyuubi/issues/913 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
