[ https://issues.apache.org/jira/browse/NIFI-5041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16437527#comment-16437527 ]
ASF GitHub Bot commented on NIFI-5041: -------------------------------------- Github user peter-toth commented on a diff in the pull request: https://github.com/apache/nifi/pull/2630#discussion_r181441723 --- Diff: pom.xml --- @@ -94,6 +94,7 @@ <org.slf4j.version>1.7.25</org.slf4j.version> <ranger.version>0.7.1</ranger.version> <jetty.version>9.4.3.v20170317</jetty.version> + <httpclient.version>4.5.5</httpclient.version> --- End diff -- I think I see the issue now. I changed the httpclient and hadoop-auth dependency to "provided" in nifi-hadoop-util so they won't be included into all NARs depending on nifi-hadoop-util. > Add convenient SPNEGO/Kerberos authentication support to LivySessionController > ------------------------------------------------------------------------------ > > Key: NIFI-5041 > URL: https://issues.apache.org/jira/browse/NIFI-5041 > Project: Apache NiFi > Issue Type: Improvement > Affects Versions: 1.5.0 > Reporter: Peter Toth > Priority: Minor > > Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating > such an authentication from NiFi is a viable by providing a > java.security.auth.login.config system property > (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html), > but this is a bit cumbersome and needs kinit running outside of NiFi. > An alternative and more sophisticated solution would be to do the SPNEGO > negotiation programmatically. > * This solution would add some new properties to the LivySessionController > to fetch kerberos principal and password/keytab > * Add the required HTTP Negotiate header (with an SPNEGO token) to the > HttpURLConnection to do the authentication programmatically > (https://tools.ietf.org/html/rfc4559) -- This message was sent by Atlassian JIRA (v7.6.3#76005)