[
https://issues.apache.org/jira/browse/NIFI-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14701851#comment-14701851
]
Joseph Witt commented on NIFI-866:
----------------------------------
Ricky - first off this is excellent!
Not an expert on kerberos but would it be feasible to have something equivalent
to an SSL Controller Service for Kerberos ? This way we can configure a
variety of Kerberos contexts and make that available as a controller service
which things like the HDFS processors can use. Not sure that makes
sense...but... Will read the patch more and do some research into kerberos to
better understand the options.
Thanks
Joe
> Kerberos support for Hadoop processors
> ---------------------------------------
>
> Key: NIFI-866
> URL: https://issues.apache.org/jira/browse/NIFI-866
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Reporter: Ricky Saltzer
> Assignee: Ricky Saltzer
> Attachments: NIFI-866.patch
>
>
> Currently the AbstractHadoopProcessor only supports talking to non-kerberos
> Hadoop clusters. Even though the user might be supplying a Hadoop
> configuration which indicates the authentication implementation is Kerberos,
> NiFi will still attempt to connect via SIMPLE authentication. This results in
> a processor exception.
> *Goals:*
> * Minimal configuration for Kerberos support
> * Shouldn't have to configure individual processors (e.g. user could have
> tens to hundreds of these processors)
> *Non-Goals:*
> * Support more than one kerberos principal at a time
> * Support both secure and non-secure connections at the same time
> *Basic Usage Proposal:*
> Edit _conf/nifi.properties_ and modify the following values
> {code:title=nifi.properties|borderStyle=solid}
> ..
> # kerberos #
> nifi.kerberos.enabled=true
> nifi.kerberos.krb5.file=/path/to/krb5.conf
> nifi.kerberos.keytab=/path/to/user.keytab
> nifi.kerberos.principal=user@REALM
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
