[jira] [Commented] (NIFI-866) Kerberos support for Hadoop processors

Tue, 18 Aug 2015 13:13:11 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14701896#comment-14701896
 ] 

Ricky Saltzer commented on NIFI-866:
------------------------------------

Ultimately, it would be nice to have a service that other processors could 
obtain a LoginContext from, or something along those lines. Hadoop, however 
appears to communicate very implicitly, in that you basically execute two 
static methods on the Hadoop specific UserGroupInformation class in order to 
declare you will be authenticating via Kerberos. 

{code}
            if (KERBEROS_ENABLED) {
                UserGroupInformation.setConfiguration(config);
                UserGroupInformation.loginUserFromKeytab(KERBEROS_PRINCIPAL, 
KERBEROS_KEYTAB.getAbsolutePath());
            }
{code}

> Kerberos support for Hadoop processors 
> ---------------------------------------
>
>                 Key: NIFI-866
>                 URL: https://issues.apache.org/jira/browse/NIFI-866
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Extensions
>            Reporter: Ricky Saltzer
>            Assignee: Ricky Saltzer
>         Attachments: NIFI-866.patch
>
>
> Currently the AbstractHadoopProcessor only supports talking to non-kerberos 
> Hadoop clusters. Even though the user might be supplying a Hadoop 
> configuration which indicates the authentication implementation is Kerberos, 
> NiFi will still attempt to connect via SIMPLE authentication. This results in 
> a processor exception. 
> *Goals:*
> *  Minimal configuration for Kerberos support
> *  Shouldn't have to configure individual processors (e.g. user could have 
> tens to hundreds of these processors) 
> *Non-Goals:*
> *  Support more than one kerberos principal at a time
> *  Support both secure and non-secure connections at the same time
> *Basic Usage Proposal:*
> Edit _conf/nifi.properties_ and modify the following values
> {code:title=nifi.properties|borderStyle=solid}
> ..
> # kerberos #
> nifi.kerberos.enabled=true
> nifi.kerberos.krb5.file=/path/to/krb5.conf
> nifi.kerberos.keytab=/path/to/user.keytab
> nifi.kerberos.principal=user@REALM
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to