[ https://issues.apache.org/jira/browse/NIFI-5041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467452#comment-16467452 ]
ASF GitHub Bot commented on NIFI-5041: -------------------------------------- Github user peter-toth commented on a diff in the pull request: https://github.com/apache/nifi/pull/2630#discussion_r186738068 --- Diff: nifi-nar-bundles/nifi-extension-utils/nifi-hadoop-utils/src/main/java/org/apache/nifi/hadoop/KerberosConfiguration.java --- @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.hadoop; + +import org.apache.hadoop.security.authentication.util.KerberosUtil; + +import javax.security.auth.login.AppConfigurationEntry; +import java.util.HashMap; +import java.util.Map; + +/** + * Modified Kerberos configuration class from {@link org.apache.hadoop.security.authentication.client.KerberosAuthenticator.KerberosConfiguration} + * that requires authentication from a keytab. + */ +public class KerberosConfiguration extends javax.security.auth.login.Configuration { --- End diff -- @mattyb149, @joewitt can you please help me and review this PR and let me know if I need to change anything. > Add convenient SPNEGO/Kerberos authentication support to LivySessionController > ------------------------------------------------------------------------------ > > Key: NIFI-5041 > URL: https://issues.apache.org/jira/browse/NIFI-5041 > Project: Apache NiFi > Issue Type: Improvement > Affects Versions: 1.5.0 > Reporter: Peter Toth > Priority: Minor > > Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating > such an authentication from NiFi is a viable by providing a > java.security.auth.login.config system property > (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html), > but this is a bit cumbersome and needs kinit running outside of NiFi. > An alternative and more sophisticated solution would be to do the SPNEGO > negotiation programmatically. > * This solution would add some new properties to the LivySessionController > to fetch kerberos principal and password/keytab > * Add the required HTTP Negotiate header (with an SPNEGO token) to the > HttpURLConnection to do the authentication programmatically > (https://tools.ietf.org/html/rfc4559) -- This message was sent by Atlassian JIRA (v7.6.3#76005)