diff --git a/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/ApplicationMaster.scala b/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/ApplicationMaster.scala index 5a67caf8e2..ae9486d7e4 100644 --- a/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/ApplicationMaster.scala +++ b/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/ApplicationMaster.scala @@ -851,7 +851,9 @@ object ApplicationMaster extends Logging { master = new ApplicationMaster(amArgs, sparkConf, yarnConf) val ugi = sparkConf.get(PRINCIPAL) match { - case Some(principal) => + // We only need to log in with the keytab in cluster mode. In client mode, the driver + // handles the user keytab. + case Some(principal) if amArgs.userClass != null => val originalCreds = UserGroupInformation.getCurrentUser().getCredentials() SparkHadoopUtil.get.loginUserFromKeytab(principal, sparkConf.get(KEYTAB).orNull) val newUGI = UserGroupInformation.getCurrentUser() diff --git a/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/Client.scala b/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/Client.scala index 651e706021..5fc6894f89 100644 --- a/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/Client.scala +++ b/resource-managers/yarn/src/main/scala/org/apache/spark/deploy/yarn/Client.scala @@ -767,15 +767,8 @@ private[spark] class Client( val props = confToProperties(sparkConf) // If propagating the keytab to the AM, override the keytab name with the name of the - // distributed file. Otherwise remove princpal/keytab from the conf, so they're not seen - // by the AM at all. - amKeytabFileName match { - case Some(kt) => - props.setProperty(KEYTAB.key, kt) - case None => - props.remove(PRINCIPAL.key) - props.remove(KEYTAB.key) - } + // distributed file. + amKeytabFileName.foreach { kt => props.setProperty(KEYTAB.key, kt) } writePropertiesToArchive(props, SPARK_CONF_FILE, confStream)