Proxy users for Kerberos-enabled clusters

For secure clusters, the proxy users must have Kerberos credentials to impersonate another user.

Proxy users cannot use delegation tokens. If a user is allowed to add its own delegation token to the proxy user UGI, it also allows the proxy user to connect to the service with the privileges of the original user.

If a superuser wants to give a delegation token to a proxy-user UGI, for example, alice, the superuser must first impersonate alice, get a delegation token for alice, and add it to the UGI for the newly created proxy UGI. This way, the delegation token has its owner set to alice.