Peter Toth created NIFI-5041:
--------------------------------

             Summary: Add convenient SPNEGO/Kerberos authentication support to 
LivySessionController
                 Key: NIFI-5041
                 URL: https://issues.apache.org/jira/browse/NIFI-5041
             Project: Apache NiFi
          Issue Type: Bug
    Affects Versions: 1.5.0
            Reporter: Peter Toth


Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating 
such an authentication from NiFi is viable by providing a 
java.security.auth.login.config system property 
(https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html),
but this is a bit cumbersome and needs kinit running outside of NiFi.

An alternative and more sophisticated solution would be to do the SPNEGO 
negotiation programmatically.
 * This solution would add some new properties to the LivySessionController to 
fetch the Kerberos principal and password/keytab
 * Add the required HTTP Negotiate header (with an SPNEGO token) to the 
HttpURLConnection to do the authentication programmatically 
(https://tools.ietf.org/html/rfc4559)



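The programmatic negotiation proposed above, as an added example that is not part of the original issue or of NiFi's code: a keytab login through an in-memory JAAS configuration, followed by the RFC 4559 Negotiate header on an HttpURLConnection. The class name, principal, keytab path and Livy URL are assumed placeholders.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import org.ietf.jgss.*;

public class SpnegoLivyClient { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Assumed placeholder values; in NiFi these would come from controller properties.
        String principal = "nifi@EXAMPLE.COM";
        String keytab = "/etc/security/keytabs/nifi.keytab";
        URL url = new URL("https://livy.example.com:8998/sessions");

        // In-memory JAAS config: no java.security.auth.login.config file, no external kinit.
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("keyTab", keytab);
        opts.put("principal", principal);
        opts.put("doNotPrompt", "true");
        Configuration jaas = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext login = new LoginContext("livy-client", null, null, jaas);
        login.login();

        // As the logged-in subject, create the initial SPNEGO token for HTTP@<livy host>.
        byte[] token = Subject.doAs(login.getSubject(), (PrivilegedExceptionAction<byte[]>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            GSSName server = mgr.createName("HTTP@" + url.getHost(), GSSName.NT_HOSTBASED_SERVICE);
            GSSContext ctx = mgr.createContext(server, new Oid("1.3.6.1.5.5.2"), null,
                GSSContext.DEFAULT_LIFETIME);
            try { return ctx.initSecContext(new byte[0], 0, 0); } finally { ctx.dispose(); }
        });

        // Single round trip: the server's reply token in WWW-Authenticate is not verified here.
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestProperty("Authorization",
            "Negotiate " + Base64.getEncoder().encodeToString(token));
        System.out.println("HTTP " + conn.getResponseCode());
        login.logout();
    }
}
```

A keytab readable only by the NiFi service account avoids storing a password in the controller configuration, and the Negotiate token should only be sent over TLS.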