If you don’t mind, what is the use case where keytabs aren’t working for you? I’ve always found them easier since I don’t think you can setup passwords for service principals only user principals.
Thanks Shawn From: Pat White <[email protected]> Date: Thursday, January 23, 2020 at 4:46 PM To: Shawn Weeks <[email protected]> Cc: "[email protected]" <[email protected]>, Paul Poulosky <[email protected]> Subject: Re: Any work planned for adding Kerberos pkinit support? Wow, a lot of work on this! Thank you very much Shawn, and my apologies for completely missing the Jiras, thanks for the help. patw On Thu, Jan 23, 2020 at 4:23 PM Shawn Weeks <[email protected]<mailto:[email protected]>> wrote: Password based Kerberos is in the works and might have made it in 1.11. I’ve been seeing the pull requests for a while now. Thanks Shawn Sent from my iPhone > On Jan 23, 2020, at 11:22 AM, Pat White > <[email protected]<mailto:[email protected]>.invalid> wrote: > > Hi Folks, > > Is there any support for Kerberos authentication using Pkinit versus > keytabs, now or planned? > > Don't believe i saw anything documented, in Jira or in the src yet, but > wanted to ask in case i've missed something. Specifically looking at use by > processors, such as a service like the KeytabCredentialsService, as > opposed to user or ZK authentication. > > If not, any thoughts on an implementation approach? It seemed as though > creating a peer service, or adding an x509 API to the existing service was > reasonable, however it looks like significant work is needed to have > Kerberos aware processors support both credential schemes. > > patw
