[
https://issues.apache.org/jira/browse/NIFI-866?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ricky Saltzer updated NIFI-866:
-------------------------------
Description:
Currently the AbstractHadoopProcessor only supports talking to non-kerberos
Hadoop clusters. Even though the user might be supplying a Hadoop configuration
which indicates the authentication implementation is Kerberos, NiFi will still
attempt to connect via SIMPLE authentication. This results in a processor
exception.
*Goals:*
* Minimal configuration for Kerberos support
* Talk to both secure and non-secure clusters within the same NiFi instance
* Support for more than one principal across processors (e.g. process A uses
User1, processor B uses User2)
*Non-Goals:*
* Use of more than one krb5.conf at a time
*Basic Usage Proposal:*
Edit _conf/nifi.properties_ and modify the following values
{code:title=nifi.properties|borderStyle=solid}
..
# kerberos #
nifi.kerberos.krb5.file=/path/to/krb5.conf
]{code}
was:
Currently the AbstractHadoopProcessor only supports talking to non-kerberos
Hadoop clusters. Even though the user might be supplying a Hadoop configuration
which indicates the authentication implementation is Kerberos, NiFi will still
attempt to connect via SIMPLE authentication. This results in a processor
exception.
*Goals:*
* Minimal configuration for Kerberos support
* Shouldn't have to configure individual processors (e.g. user could have tens
to hundreds of these processors)
*Non-Goals:*
* Support more than one kerberos principal at a time
* Support both secure and non-secure connections at the same time
*Basic Usage Proposal:*
Edit _conf/nifi.properties_ and modify the following values
{code:title=nifi.properties|borderStyle=solid}
..
# kerberos #
nifi.kerberos.enabled=true
nifi.kerberos.krb5.file=/path/to/krb5.conf
nifi.kerberos.keytab=/path/to/user.keytab
nifi.kerberos.principal=user@REALM
{code}
> Kerberos support for Hadoop processors
> ---------------------------------------
>
> Key: NIFI-866
> URL: https://issues.apache.org/jira/browse/NIFI-866
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Reporter: Ricky Saltzer
> Assignee: Ricky Saltzer
> Attachments: NIFI-866.2.patch, NIFI-866.patch,
> multiprincipal_secure_nonsecure.png
>
>
> Currently the AbstractHadoopProcessor only supports talking to non-kerberos
> Hadoop clusters. Even though the user might be supplying a Hadoop
> configuration which indicates the authentication implementation is Kerberos,
> NiFi will still attempt to connect via SIMPLE authentication. This results in
> a processor exception.
> *Goals:*
> * Minimal configuration for Kerberos support
> * Talk to both secure and non-secure clusters within the same NiFi instance
> * Support for more than one principal across processors (e.g. process A uses
> User1, processor B uses User2)
> *Non-Goals:*
> * Use of more than one krb5.conf at a time
> *Basic Usage Proposal:*
> Edit _conf/nifi.properties_ and modify the following values
> {code:title=nifi.properties|borderStyle=solid}
> ..
> # kerberos #
> nifi.kerberos.krb5.file=/path/to/krb5.conf
> ]{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
