[jira] [Commented] (NIFI-866) Kerberos support for Hadoop processors

Wed, 19 Aug 2015 09:48:01 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14703328#comment-14703328
 ] 

Ryan Blue commented on NIFI-866:
--------------------------------

I think Joe's reasoning is sound and that we should keep the credentials in the 
processors. It shouldn't be difficult to use Flume's UGI support to get that 
done.

Also, would it make sense to put together a Kerberos & NiFi proposal? I think 
in the long run we're going to want NiFi to have its own Kerberos principal 
that can act on behalf of its users. That way, NiFi ties to run everything with 
the credentials of the user that configured a flow. That user can then use 
processor-level configuration to proxy as a different user or log in as a 
different user. Does that make sense?

> Kerberos support for Hadoop processors 
> ---------------------------------------
>
>                 Key: NIFI-866
>                 URL: https://issues.apache.org/jira/browse/NIFI-866
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Extensions
>            Reporter: Ricky Saltzer
>            Assignee: Ricky Saltzer
>         Attachments: NIFI-866.patch
>
>
> Currently the AbstractHadoopProcessor only supports talking to non-kerberos 
> Hadoop clusters. Even though the user might be supplying a Hadoop 
> configuration which indicates the authentication implementation is Kerberos, 
> NiFi will still attempt to connect via SIMPLE authentication. This results in 
> a processor exception. 
> *Goals:*
> *  Minimal configuration for Kerberos support
> *  Shouldn't have to configure individual processors (e.g. user could have 
> tens to hundreds of these processors) 
> *Non-Goals:*
> *  Support more than one kerberos principal at a time
> *  Support both secure and non-secure connections at the same time
> *Basic Usage Proposal:*
> Edit _conf/nifi.properties_ and modify the following values
> {code:title=nifi.properties|borderStyle=solid}
> ..
> # kerberos #
> nifi.kerberos.enabled=true
> nifi.kerberos.krb5.file=/path/to/krb5.conf
> nifi.kerberos.keytab=/path/to/user.keytab
> nifi.kerberos.principal=user@REALM
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to