[
https://issues.apache.org/jira/browse/PHOENIX-4688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16633029#comment-16633029
]
Lev Bronshtein edited comment on PHOENIX-4688 at 9/29/18 3:26 PM:
------------------------------------------------------------------
[~elserj]
Using requests-gssapi or unhacked requests kerberos should cause you to see the
following
{quote}2018-09-12 12:44:26,548 DEBUG [RedundancyMonitor]
blockmanagement.BlockManager(1880): BLOCK* neededReconstruction = 0
pendingReconstruction = 0
2018-09-12 12:44:26,551 WARN [qtp1281394403-467]
security.SpnegoLoginService(162):
*GSSException: No credential found for: 1.2.840.113554.1.2.2 usage: Accept*
at sun.security.jgss.GSSCredentialImpl.getElement(GSSCredentialImpl.java:600)
{quote}
This is what CALCITE-1922 attempts to fix. This would show up in failsafe
output log
The output you posted looks strange as MIT should try to fallback to TCP or
that was my impression. From
[https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html]
{quote}*udp_preference_limit*When sending a message to the KDC, the library
will try using TCP before UDP if the size of the message is above
*udp_preference_limit*. If the message is smaller than*udp_preference_limit*,
then UDP will be tried before TCP. *Regardless of the size, both protocols will
be tried if the first attempt fails.*
{quote}
Also TCP and UDP seem to be mutually exclusive for MiniKDC
[https://github.com/apache/hadoop/blob/a55d6bba71c81c1c4e9d8cd11f55c78f10a548b0/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/MiniKdc.java#L308]
{code:java}
if (transport.trim().equals("TCP")) {
simpleKdc.setKdcTcpPort(port);
simpleKdc.setAllowUdp(false);
} else if (transport.trim().equals("UDP")) {
simpleKdc.setKdcUdpPort(port);
simpleKdc.setAllowTcp(false);
}{code}
was (Author: lbronshtein):
[~elserj]
Using requests-gssapi or unhacked requests kerberos should cause you to see the
following
{quote}2018-09-12 12:44:26,548 DEBUG [RedundancyMonitor]
blockmanagement.BlockManager(1880): BLOCK* neededReconstruction = 0
pendingReconstruction = 0
2018-09-12 12:44:26,551 WARN [qtp1281394403-467]
security.SpnegoLoginService(162):
*GSSException: No credential found for: 1.2.840.113554.1.2.2 usage: Accept*
at sun.security.jgss.GSSCredentialImpl.getElement(GSSCredentialImpl.java:600)
{quote}
This is what CALCITE-1922 attempts to fix. This would show up in failsafe
output log
The output you posted looks strange as MIT should try to fallback to TCP or
that was my impression. From
[https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html]
{quote}*udp_preference_limit*When sending a message to the KDC, the library
will try using TCP before UDP if the size of the message is above
*udp_preference_limit*. If the message is smaller than*udp_preference_limit*,
then UDP will be tried before TCP. *Regardless of the size, both protocols will
be tried if the first attempt fails.*
{quote}
> Add kerberos authentication to python-phoenixdb
> -----------------------------------------------
>
> Key: PHOENIX-4688
> URL: https://issues.apache.org/jira/browse/PHOENIX-4688
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Lev Bronshtein
> Priority: Minor
>
> In its current state python-phoenixdv does not support support kerberos
> authentication. Using a modern python http library such as requests or
> urllib it would be simple (if not trivial) to add this support.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
