[
https://issues.apache.org/jira/browse/NIFI-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705056#comment-14705056
]
ASF GitHub Bot commented on NIFI-866:
-------------------------------------
GitHub user rickysaltzer opened a pull request:
https://github.com/apache/nifi/pull/75
NIFI-866: Add Kerberos Support for Hadoop
- Add krb5.conf to nifi.properties
nifi.kerberos.krb5.file | path to krb5.conf
- Connections to secure Hadoop clusters will be determined by their config,
that is, hadoop.security.authentication should be set to kerberos.
- Added two optional arguments to AbstractHadoopProcessor (principal and
keytab),
these are only required if the cluster you're connecting to is secured.
Both of
these options require the krb5.conf to be present in nifi.properties.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rickysaltzer/nifi NIFI-866
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/75.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #75
----
commit 0ac84bf0bda940242c2f7e276237a41aaa357a74
Author: ricky <[email protected]>
Date: 2015-08-13T18:54:15Z
NIFI-866: Add Kerberos Support for Hadoop
- Add krb5.conf to nifi.properties
nifi.kerberos.krb5.file | path to krb5.conf
- Connections to secure Hadoop clusters will be determined by their config,
that is, hadoop.security.authentication should be set to kerberos.
- Added two optional arguments to AbstractHadoopProcessor (principal and
keytab),
these are only required if the cluster you're connecting to is secured.
Both of
these options require the krb5.conf to be present in nifi.properties.
----
> Kerberos support for Hadoop processors
> ---------------------------------------
>
> Key: NIFI-866
> URL: https://issues.apache.org/jira/browse/NIFI-866
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Reporter: Ricky Saltzer
> Assignee: Ricky Saltzer
> Attachments: NIFI-866.2.patch, NIFI-866.3.patch,
> multiprincipal_secure_nonsecure.png
>
>
> Currently the AbstractHadoopProcessor only supports talking to non-kerberos
> Hadoop clusters. Even though the user might be supplying a Hadoop
> configuration which indicates the authentication implementation is Kerberos,
> NiFi will still attempt to connect via SIMPLE authentication. This results in
> a processor exception.
> *Goals:*
> * Minimal configuration for Kerberos support
> * Talk to both secure and non-secure clusters within the same NiFi instance
> * Support for more than one principal across processors (e.g. process A uses
> User1, processor B uses User2)
> *Non-Goals:*
> * Use of more than one krb5.conf at a time
> *Basic Usage Proposal:*
> Edit _conf/nifi.properties_ and modify the following values
> {code:title=nifi.properties|borderStyle=solid}
> ..
> # kerberos #
> nifi.kerberos.krb5.file=/path/to/krb5.conf
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
