I think Kerberos needs to be supported by the driver first (pydruid). This
seems relevant: https://github.com/druid-io/pydruid/pull/126

Note that pydruid contains both the native driver wrapper and the
SQLAlchemy dialect / dbapi driver.

Max


On Fri, Apr 17, 2020 at 12:44 AM Luca Toscano <toscano.l...@gmail.com>
wrote:

> Hi Maxime,
>
> I have never experimented with Druid + Kerberos with Superset (but
> will surely do in the future), do you know if there are any snippets of
> configuration for Druid with SQLAlchemy to enable Kerberos? Something
> like
> https://github.com/apache/incubator-superset/issues/8794#issuecomment-605603773
> but for Druid. It would be great to have a doc page somewhere with
> these kinds of snippets to link people to it (or a markdown doc in the
> repo).
>
> Thanks in advance,
>
> Luca
>
> On Fri, Apr 17, 2020 at 6:43 AM Maxime Beauchemin <m...@preset.io> wrote:
> >
> > Hi Paula,
> >
> > I left a comment on your PR. It needs to be rebased and some comments need
> > to be addressed.
> >
> > Best,
> >
> > Max
> >
> > On Wed, Apr 15, 2020 at 6:19 PM Paula Morais <psofiamor...@gmail.com> wrote:
> >
> > > Hello
> > >
> > > I have a Druid cluster with Kerberos authentication enabled.
> > >
> > > As of now, Superset doesn’t support Kerberos authentication when sending
> > > the API calls to a Druid cluster.
> > >
> > > There’s an open PR with a solution, but it hasn’t been merged yet
> > > (comments not being addressed) -
> > > https://github.com/apache/incubator-superset/pull/7091
> > >
> > >
> > > Plus, Superset also uses pydruid in some of the queries to Druid. The
> > > version of pydruid used also doesn’t support Kerberos authentication.
> > >
> > >
> > > I did a custom implementation so I could overcome the issue.
> > >
> > > Basically I'm doing a kinit every time a request is sent to Druid. Not an
> > > ideal solution, if we have many users setting up charts and dashboards,
> > > since the principal used is always the same (e.g. superset).
> > >
> > > The best solution would be to have implemented a general authentication
> > > function, once the application is started, and a TGT renewal process once it
> > > expires.
> > >
> > >
> > > Is there an ongoing process for having this implemented?
> > >
> > >
> > > Kind regards
> > >
> > > Paula Morais Clavica
> > >
>
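
The original message at the bottom of this thread contrasts a kinit on every request with authenticating once at startup and renewing the TGT. A sketch of the second approach follows, as an added example that is not code from the thread, Superset or pydruid. The class name, principal, keytab path and refresh interval are assumptions, and it keeps the single service principal the workaround already uses.

```python
import subprocess
import threading
import time


class KeytabTicket:
    """Hypothetical helper: get a TGT from a keytab once, refresh it by age."""

    def __init__(self, principal, keytab, refresh_after=4 * 3600,
                 run=subprocess.run, clock=time.monotonic):
        self.principal = principal
        self.keytab = keytab
        # Assumption: refresh_after is shorter than the ticket lifetime the KDC grants.
        self.refresh_after = refresh_after
        self._run = run      # injectable, so the logic can be exercised without a KDC
        self._clock = clock
        self._lock = threading.Lock()
        self._obtained_at = None

    def ensure(self, force=False):
        """Call before each request to Druid. Returns True if kinit was run."""
        with self._lock:  # one refresh at a time across worker threads
            now = self._clock()
            fresh = (self._obtained_at is not None
                     and now - self._obtained_at < self.refresh_after)
            if fresh and not force:
                return False  # common path: no subprocess, no KDC round trip
            # -k: authenticate from a keytab, -t: path to that keytab.
            self._run(["kinit", "-k", "-t", self.keytab, self.principal],
                      check=True)
            self._obtained_at = self._clock()
            return True
```

Passing `force=True` re-runs kinit immediately, which fits the case where Druid rejects a request because the cached ticket is no longer valid.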
