elukey commented on issue #5659: [AIRFLOW-5033] Switched to snakebite-py3 [DO 
NOT MERGE]
URL: https://github.com/apache/airflow/pull/5659#issuecomment-559814094
 
 
   > Hey @elukey -> any news on that :)?
   
   Hi @potiuk, unfortunately I wasn't able to complete the code since it 
seems that the SASL libraries that are available (`sasl` and `pure-sasl` on 
pypi) are not working as I'd need. The first seems abandoned (last commit in 
2016) and not working with Kerberos auth+encryption, meanwhile the latter works 
very well with Kerberos, but not with DIGEST-MD5 qop auth-conf (encryption, 
only auth is supported). The last version of `snakebite-py3` uses pure-sasl 
because it works really well, I opened an issue to see if the new feature can 
be added: https://github.com/thobbs/pure-sasl/issues/32. I don't have a lot of 
hope since DIGEST-MD5 auth-conf is based on ancient protocols (DES, RC4, etc.) 
so not really up to the current standards of AES. The Hadoop Datanode protocol 
seems to require it during negotiation of AES encryption (yes very ironic)..
   
   The `sasl` lib (https://github.com/cloudera/python-sasl/tree/master/sasl) is 
a wrapper around the Cyrus SASL library, that should support it, but sadly I 
wasn't able to make it work with Kerberos (so I was blocked one step before the 
current issue). There is a pull request to refresh the bindings 
(https://github.com/cloudera/python-sasl/pull/15), but nobody from upstream is 
paying attention. If you know anybody from Cloudera that can help, we may have 
a way forward :)
   
   Just to clarify, `snakebite-py3` now supports Kerberos and works well in all 
the use cases, except when full encryption is requested. So currently it is 
doing what its python2/3 version supported, what I am trying to add is 
something more that was not added before. No idea if the airflow community 
really needs it (enough to block 2.0 I mean); if so we could work on replacing 
snakebite with pyarrow (even if it was tried before and I didn't get exactly 
what blocked the migration). Let me know :)
   
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
