I am using spark streaming to access kafka in a kerberized hadoop-spark and kafka environment.
I pass the "keytab" using the --files option to the spark job. This copies the keytab to the spark executor nodes.
As per my understanding there is no security risk here because the keytab can only be read by the "user' that is running the spark job and the keytab is deleted after the job is complete.
Please confirm if this is correct ? Passsing keytabs to the executors is a bit concerning, however I dont see a way around this.