[
https://issues.apache.org/jira/browse/NIFI-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14707448#comment-14707448
]
Joseph Witt commented on NIFI-866:
----------------------------------
Validation is often a 'loose' thing. The 'best cases' for validation are when
it is definitive and has to do with NiFi itself. If it is something which
depends on an external resource then the conditions causing it to be invalid
could change without the user doing anything. These are trickier to do well
and keep a nice user experience for. I'd recommend just doing the login check
in the processor itself. And if it cannot login then it just fails that
process. Repeatedly.
> Kerberos support for Hadoop processors
> ---------------------------------------
>
> Key: NIFI-866
> URL: https://issues.apache.org/jira/browse/NIFI-866
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Reporter: Ricky Saltzer
> Assignee: Ricky Saltzer
> Attachments: NIFI-866.2.patch, NIFI-866.3.patch,
> multiprincipal_secure_nonsecure.png
>
>
> Currently the AbstractHadoopProcessor only supports talking to non-kerberos
> Hadoop clusters. Even though the user might be supplying a Hadoop
> configuration which indicates the authentication implementation is Kerberos,
> NiFi will still attempt to connect via SIMPLE authentication. This results in
> a processor exception.
> *Goals:*
> * Minimal configuration for Kerberos support
> * Talk to both secure and non-secure clusters within the same NiFi instance
> * Support for more than one principal across processors (e.g. process A uses
> User1, processor B uses User2)
> *Non-Goals:*
> * Use of more than one krb5.conf at a time
> *Basic Usage Proposal:*
> Edit _conf/nifi.properties_ and modify the following values
> {code:title=nifi.properties|borderStyle=solid}
> ..
> # kerberos #
> nifi.kerberos.krb5.file=/path/to/krb5.conf
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
