The spnego protocol use a kerberos principal with HTTP/<FQDN> and this principal (and keytab) is shared with all service on the same machine. So the creation of the spnego principal and keytab is not linked to a service and should have his own service. Every component which need the spnego keytab should depends on the kerberos spnego component.
This way we can extend it to add multiple principal into the spnego keytab to support a load balancer behind the component which need spnego. For example, if we want to have multiple Ranger Admin with a load balancer in front, the spnego keytab must have the principal of the load balancer.
The spnego protocol use a kerberos principal with
HTTP/<FQDN>and this principal (and keytab) is shared with all service on the same machine. So the creation of the spnego principal and keytab is not linked to a service and should have his own service. Every component which need the spnego keytab should depends on the kerberos spnego component.This way we can extend it to add multiple principal into the spnego keytab to support a load balancer behind the component which need spnego. For example, if we want to have multiple Ranger Admin with a load balancer in front, the spnego keytab must have the principal of the load balancer.