[jira] [Commented] (PHOENIX-4688) Add kerberos authentication to python-phoenixdb

Fri, 13 Jul 2018 10:27:36 -0700 


    [ 
https://issues.apache.org/jira/browse/PHOENIX-4688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16543479#comment-16543479
 ] 

ASF GitHub Bot commented on PHOENIX-4688:
-----------------------------------------

Github user joshelser commented on the issue:

    https://github.com/apache/phoenix/pull/307
  
    Turning back on `KRB5_TRACE`...
    ```
    DEBUG:phoenixdb.avatica.client:POST http://localhost:60358/ 
'\n?org.apache.calcite.avatica.proto.Requests$OpenConnectionRequest\x12&\n$386e3317-e23e-4a0e-9fc6-2efaa546ffc4'
 {'content-type': 'application/x-google-protobuf'}
    DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 
localhost:60358
    send: 'POST / HTTP/1.1\r\nHost: localhost:60358\r\nConnection: 
keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent: 
python-requests/2.19.1\r\ncontent-type: 
application/x-google-protobuf\r\nContent-Length: 
105\r\n\r\n\n?org.apache.calcite.avatica.proto.Requests$OpenConnectionRequest\x12&\n$386e3317-e23e-4a0e-9fc6-2efaa546ffc4'
    reply: 'HTTP/1.1 401 Unauthorized\r\n'
    header: Date: Fri, 13 Jul 2018 17:23:46 GMT
    header: WWW-Authenticate: Negotiate
    header: Cache-Control: must-revalidate,no-cache,no-store
    header: Content-Type: text/html; charset=ISO-8859-1
    header: Content-Length: 281
    header: Server: Jetty(9.2.19.v20160908)
    DEBUG:urllib3.connectionpool:http://localhost:60358 "POST / HTTP/1.1" 401 
281
    DEBUG:requests_kerberos.kerberos_:handle_401(): Handling: 401
    [28575] 1531502626.856661: ccselect module realm chose cache 
FILE:/tmp/krb5cc_502 with client principal us...@example.com for server 
principal HTTP/localh...@example.com
    [28575] 1531502626.856662: Getting credentials us...@example.com -> 
HTTP/localhost@ using ccache FILE:/tmp/krb5cc_502
    [28575] 1531502626.856663: Retrieving us...@example.com -> HTTP/localhost@ 
from FILE:/tmp/krb5cc_502 with result: -1765328243/Matching credential not 
found (filename: /tmp/krb5cc_502)
    [28575] 1531502626.856664: Retrying us...@example.com -> 
HTTP/localh...@example.com with result: -1765328243/Matching credential not 
found (filename: /tmp/krb5cc_502)
    [28575] 1531502626.856665: Server has referral realm; starting with 
HTTP/localh...@example.com
    [28575] 1531502626.856666: Retrieving us...@example.com -> 
krbtgt/example....@example.com from FILE:/tmp/krb5cc_502 with result: 0/Success
    [28575] 1531502626.856667: Starting with TGT for client realm: 
us...@example.com -> krbtgt/example....@example.com
    [28575] 1531502626.856668: Requesting tickets for 
HTTP/localh...@example.com, referrals on
    [28575] 1531502626.856669: Generated subkey for TGS request: aes128-cts/86C4
    [28575] 1531502626.856670: etypes requested in TGS request: aes256-cts, 
aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, 
camellia256-cts
    [28575] 1531502626.856672: Encoding request body and padata into FAST 
request
    [28575] 1531502626.856673: Sending request (807 bytes) to EXAMPLE.COM
    [28575] 1531502626.856674: Resolving hostname localhost
    [28575] 1531502626.856675: Initiating TCP connection to stream ::1:60299
    [28575] 1531502626.856676: Terminating TCP connection to stream ::1:60299
    [28575] 1531502626.856677: Initiating TCP connection to stream 
127.0.0.1:60299
    [28575] 1531502626.856678: Sending TCP request to stream 127.0.0.1:60299
    [28575] 1531502626.856679: Received answer (119 bytes) from stream 
127.0.0.1:60299
    [28575] 1531502626.856680: Terminating TCP connection to stream 
127.0.0.1:60299
    [28575] 1531502626.856681: Sending DNS URI query for _kerberos.EXAMPLE.COM.
    [28575] 1531502626.856682: No URI records found
    [28575] 1531502626.856683: Sending DNS SRV query for 
_kerberos-master._udp.EXAMPLE.COM.
    [28575] 1531502626.856684: Sending DNS SRV query for 
_kerberos-master._tcp.EXAMPLE.COM.
    [28575] 1531502626.856685: No SRV records found
    [28575] 1531502626.856686: Response was not from master KDC
    [28575] 1531502626.856687: TGS request result: -1765328343/Message stream 
modified
    [28575] 1531502626.856688: Requesting tickets for 
HTTP/localh...@example.com, referrals off
    [28575] 1531502626.856689: Generated subkey for TGS request: aes128-cts/F96F
    [28575] 1531502626.856690: etypes requested in TGS request: aes256-cts, 
aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, 
camellia256-cts
    [28575] 1531502626.856692: Encoding request body and padata into FAST 
request
    [28575] 1531502626.856693: Sending request (807 bytes) to EXAMPLE.COM
    [28575] 1531502626.856694: Resolving hostname localhost
    [28575] 1531502626.856695: Initiating TCP connection to stream ::1:60299
    [28575] 1531502626.856696: Terminating TCP connection to stream ::1:60299
    [28575] 1531502626.856697: Initiating TCP connection to stream 
127.0.0.1:60299
    [28575] 1531502626.856698: Sending TCP request to stream 127.0.0.1:60299
    [28575] 1531502626.856699: Received answer (119 bytes) from stream 
127.0.0.1:60299
    [28575] 1531502626.856700: Terminating TCP connection to stream 
127.0.0.1:60299
    [28575] 1531502626.856701: Sending DNS URI query for _kerberos.EXAMPLE.COM.
    [28575] 1531502626.856702: No URI records found
    [28575] 1531502626.856703: Sending DNS SRV query for 
_kerberos-master._udp.EXAMPLE.COM.
    [28575] 1531502626.856704: Sending DNS SRV query for 
_kerberos-master._tcp.EXAMPLE.COM.
    [28575] 1531502626.856705: No SRV records found
    [28575] 1531502626.856706: Response was not from master KDC
    [28575] 1531502626.856707: TGS request result: -1765328343/Message stream 
modified
    ERROR:requests_kerberos.kerberos_:generate_request_header(): 
authGSSClientStep() failed:
    Traceback (most recent call last):
      File 
"/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
 line 235, in generate_request_header
        negotiate_resp_value)
    GSSError: (('Unspecified GSS failure.  Minor code may provide more 
information', 851968), ('Message stream modified', 100001))
    ERROR:requests_kerberos.kerberos_:(('Unspecified GSS failure.  Minor code 
may provide more information', 851968), ('Message stream modified', 100001))
    Traceback (most recent call last):
      File 
"/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
 line 235, in generate_request_header
        negotiate_resp_value)
    GSSError: (('Unspecified GSS failure.  Minor code may provide more 
information', 851968), ('Message stream modified', 100001))
    ```
    
    So, definitely the KDC throwing a fit and telling us to go away: `[28575] 
1531502626.856707: TGS request result: -1765328343/Message stream modified`


> Add kerberos authentication to python-phoenixdb
> -----------------------------------------------
>
>                 Key: PHOENIX-4688
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4688
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Lev Bronshtein
>            Priority: Minor
>
> In its current state python-phoenixdv does not support support kerberos 
> authentication.  Using a modern python http library such as requests or 
> urllib it would be simple (if not trivial) to add this support.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to