Istvan Toth created CALCITE-5947: ------------------------------------ Summary: Use existing ticket cache for kerberos login Key: CALCITE-5947 URL: https://issues.apache.org/jira/browse/CALCITE-5947 Project: Calcite Issue Type: New Feature Components: avatica Affects Versions: avatica-1.23.0 Reporter: Istvan Toth
Avatica currently requires that a kerberos principal and keytab is supplied in the JDBC URL for for connecting to a kerberized PQS. This is often sub-optimal solution. It would be much more user-friendly, if Avatica could simply use an existing ticket from the ticket cache. The algorithm could be something like this: * if principal and keytab is supplied in the URL: current behaviour * If only principal is supplied: try to load the ticket for the prinicpal from cache * If neither is supplied: Use first/default principal in the cache Most of the logic could be directly lifted from Phoenix Query Server: https://github.com/apache/phoenix-queryserver/blob/master/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/KerberosLoginFromTicketCache.java -- This message was sent by Atlassian Jira (v8.20.10#820010)