SQL Client security

Before launching the SQL Client, you need to use the kinit command to have Kerberos authentication for the client. You also need to add the keytab files for starting the YARN session to use the SQL Client in a secured environment.


In Kerberos protected environments, you must use kinit <principal> before launching the flink-sql-client. The CLI does not support keytab based Kerberos authentication yet.


YARN sessions that flink-sql-client is connected to should be started with Kerberos keytab and principal properties:
flink-yarn-session -tm 2096 -s 2 -d -nm "<application_name>" \
-D security.kerberos.login.principal=<username> \
-D security.kerberos.login.keytab=<keytab_name>