[
https://issues.apache.org/jira/browse/NIFI-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14707468#comment-14707468
]
Bryan Bende commented on NIFI-866:
----------------------------------
Maybe the compromise is to keep the first three checks that the Kerberos
validator is doing (both properties entered, config file exists, and config
file is readable) happening at validation time since they seem to be more on
the nifi side of things, and then the actual logging in happens in onScheduled
as Joe mentioned.
> Kerberos support for Hadoop processors
> ---------------------------------------
>
> Key: NIFI-866
> URL: https://issues.apache.org/jira/browse/NIFI-866
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Reporter: Ricky Saltzer
> Assignee: Ricky Saltzer
> Attachments: NIFI-866.2.patch, NIFI-866.3.patch,
> multiprincipal_secure_nonsecure.png
>
>
> Currently the AbstractHadoopProcessor only supports talking to non-kerberos
> Hadoop clusters. Even though the user might be supplying a Hadoop
> configuration which indicates the authentication implementation is Kerberos,
> NiFi will still attempt to connect via SIMPLE authentication. This results in
> a processor exception.
> *Goals:*
> * Minimal configuration for Kerberos support
> * Talk to both secure and non-secure clusters within the same NiFi instance
> * Support for more than one principal across processors (e.g. process A uses
> User1, processor B uses User2)
> *Non-Goals:*
> * Use of more than one krb5.conf at a time
> *Basic Usage Proposal:*
> Edit _conf/nifi.properties_ and modify the following values
> {code:title=nifi.properties|borderStyle=solid}
> ..
> # kerberos #
> nifi.kerberos.krb5.file=/path/to/krb5.conf
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
