Thanks Josh! I tried using the same basic authentication query as there is no spnego but somehow it will stuck for a while before open the shell and show timeout error. And this happened also when I did spnego auth without specify keytab and principal in the query. But if I put keytab and principal together with basic auth credentials it will show 401.
And by the way I submitted a new patch to calcite-1539 please take a look, thanks :) Best, Shi From: Josh Elser <[email protected]> To: [email protected] Date: 03/06/2017 11:06 AM Subject: Re: When connect to PQS thin client through proxy server using spnego. You don't (typically) :) The thin client needs to authenticate to the proxy server and then the proxy server would perform the SPNEGO authentication as itself to the backend server (PQS). One of the perks of using a proxy server like this is that you can use a very simple authentication method to the proxy server (HTTP BASIC auth) instead of SPNEGO (which is much more error-prone). Assuming your situation hasn't changed, this would be some amount of configuration of Apache Knox to authenticate to PQS and "impersonate" you. This might be dependent on some Knox work (configuration, if nothing else), maybe also on your patch from CALCITE-1539. Shi Wang wrote: > Hi, > > Normally if I use PQS thin client SPNEGO authentication, just need to > specify keytab and principal in the query string. But if before reaching > PQS, need to do Basic auth to a proxy server. How do I encapsulate both > the credential for Basic auth and the SPNEGO credential? > > Best, > Shi > > > >
