ASF GitHub Bot commented on NIFI-5041:

Github user peter-toth commented on a diff in the pull request:

    --- Diff: pom.xml ---
    @@ -94,6 +94,7 @@
    +        <httpclient.version>4.5.5</httpclient.version>
    --- End diff --
    I think I see the issue now. I changed the httpclient and hadoop-auth 
dependency to "provided" in nifi-hadoop-util so they won't be included into all 
NARs depending on nifi-hadoop-util.

> Add convenient SPNEGO/Kerberos authentication support to LivySessionController
> ------------------------------------------------------------------------------
>                 Key: NIFI-5041
>                 URL: https://issues.apache.org/jira/browse/NIFI-5041
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.5.0
>            Reporter: Peter Toth
>            Priority: Minor
> Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating 
> such an authentication from NiFi is a viable by providing a 
> java.security.auth.login.config system property 
> (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html),
>  but this is a bit cumbersome and needs kinit running outside of NiFi.
> An alternative and more sophisticated solution would be to do the SPNEGO 
> negotiation programmatically.
>  * This solution would add some new properties to the LivySessionController 
> to fetch kerberos principal and password/keytab
>  * Add the required HTTP Negotiate header (with an SPNEGO token) to the 
> HttpURLConnection to do the authentication programmatically 
> (https://tools.ietf.org/html/rfc4559)

This message was sent by Atlassian JIRA

Reply via email to