I am trying to understand how can i restrict a user from submitting spark application apart from shared secret method in standalone mode.
Can I use Kerberos based authentication in spark standlone cluster ? Considering the daemon processes will already be running as spark user, I guess the executors will also be started with same user ? So my understanding is - No. Kerberos is only available with YARN & MESOS.
Spark documentation doesn't make it very clear.
This is also required for multi-tenant access control for underlying shared file storage(non hdfs), its not safe to grant spark user read access to all the files/folders.
Other docs -
https://subscription.packtpub.com/book/big_data_and_business_intelligence/9781785885136/11/ch11lvl1sec105/security-configuration-in-spark Access control for Apache spark https://docs.cloudera.com/documentation/enterprise/latest/topics/sg_spark_auth.html#concept_vwz_gjj_zt