[
https://issues.apache.org/jira/browse/KNOX-817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15959953#comment-15959953
]
Larry McCay commented on KNOX-817:
----------------------------------
[~Wancy] and [~elserj] - this is a good catch.
We do need identity assertion providers to always be available.
Identity assertion is needed to enable the use of doas and user.name for the
trusted proxy pattern as [~Wancy] described but it is also needed in order to
do any kind of principal mapping or user disambiguation or even the integration
of the Hadoop Group Lookup provider which happens to be implemented as an
identity assertion provider.
This does need to be filed as a separate JIRA as [~elserj] indicated.
Thanks so much for finding and reporting this!
> Gateway service defintion for Avatica
> -------------------------------------
>
> Key: KNOX-817
> URL: https://issues.apache.org/jira/browse/KNOX-817
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 0.11.0
>
> Attachments: KNOX-817.001.patch
>
>
> Apache Avatica, an Apache Calcite sub-project, is an HTTP-based JDBC server
> and corresponding JDBC driver (which uses that server). It is meant to act as
> a proxy to some database. Avatica is presently used by a number of projects,
> Apache Phoenix and Apache Drill to name two prominent ones, and has a number
> of community-developed drivers in languages other than Java.
> As far as authentication goes, Avatica only provides authentication based on
> the authentication capabilities of the database. Knox is a natural fit for
> Avatica, specifically the centralized authentication, SSL support, and
> auditing are all enticing features.
> With the help of [~lmccay] (and
> https://github.com/moresandeep/knox-dev-docker), I got some service files
> working very quickly. Would be nice to contribute these back to enable
> Phoenix, Drill and others to use Knox out of the box.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
