ASF GitHub Bot commented on NIFI-5041:

Github user mattyb149 commented on a diff in the pull request:

    --- Diff: pom.xml ---
    @@ -94,6 +94,7 @@
    +        <httpclient.version>4.5.5</httpclient.version>
    --- End diff --
    Per [NIFI-4936](https://issues.apache.org/jira/browse/NIFI-4936), this 
needs to be pushed down to each NAR/bundle. In your case since you are using it 
in nifi-hadoop-utils, each NAR that has this as a dependency should declare it. 
If they already bring in httpclient, you'd likely need to reuse that version 
rather than setting it to 4.5.5, to avoid eviction.

> Add convenient SPNEGO/Kerberos authentication support to LivySessionController
> ------------------------------------------------------------------------------
>                 Key: NIFI-5041
>                 URL: https://issues.apache.org/jira/browse/NIFI-5041
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.5.0
>            Reporter: Peter Toth
>            Priority: Minor
> Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating 
> such an authentication from NiFi is a viable by providing a 
> java.security.auth.login.config system property 
> (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html),
>  but this is a bit cumbersome and needs kinit running outside of NiFi.
> An alternative and more sophisticated solution would be to do the SPNEGO 
> negotiation programmatically.
>  * This solution would add some new properties to the LivySessionController 
> to fetch kerberos principal and password/keytab
>  * Add the required HTTP Negotiate header (with an SPNEGO token) to the 
> HttpURLConnection to do the authentication programmatically 
> (https://tools.ietf.org/html/rfc4559)

This message was sent by Atlassian JIRA

Reply via email to