SQL Client security
Before launching the SQL Client, you need to use the kinit command to have Kerberos authentication for the client. You also need to add the keytab files for starting the YARN session to use the SQL Client in a secured environment.
flink-sql-client
In Kerberos protected environments, you must use kinit <principal> before
launching the flink-sql-client. The CLI does not support keytab based Kerberos
authentication yet.
flink-yarn-session
YARN sessions that
flink-sql-client is connected to should be started with
Kerberos keytab and principal
properties:flink-yarn-session -tm 2096 -s 2 -d -nm "<application_name>" \ -D security.kerberos.login.principal=<username> \ -D security.kerberos.login.keytab=<keytab_name>
