Istvan Toth created CALCITE-5947:
------------------------------------
Summary: Use existing ticket cache for kerberos login
Key: CALCITE-5947
URL: https://issues.apache.org/jira/browse/CALCITE-5947
Project: Calcite
Issue Type: New Feature
Components: avatica
Affects Versions: avatica-1.23.0
Reporter: Istvan Toth
Avatica currently requires that a kerberos principal and keytab is supplied in
the JDBC URL for for connecting to a kerberized PQS.
This is often sub-optimal solution.
It would be much more user-friendly, if Avatica could simply use an existing
ticket from the ticket cache.
The algorithm could be something like this:
* if principal and keytab is supplied in the URL:
current behaviour
* If only principal is supplied:
try to load the ticket for the prinicpal from cache
* If neither is supplied:
Use first/default principal in the cache
Most of the logic could be directly lifted from Phoenix Query Server:
https://github.com/apache/phoenix-queryserver/blob/master/phoenix-queryserver-client/src/main/java/org/apache/phoenix/queryserver/client/KerberosLoginFromTicketCache.java
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
