[
https://issues.apache.org/jira/browse/PHOENIX-5006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16678819#comment-16678819
]
Biju Nair edited comment on PHOENIX-5006 at 11/7/18 9:45 PM:
-------------------------------------------------------------
In the current {{Phoenix}}
[code|https://github.com/apache/phoenix/blob/6195f8e7b5efeecd5c736ba0ef121b706c875d8d/phoenix-core/src/main/java/org/apache/phoenix/jdbc/PhoenixEmbeddedDriver.java#L377],
a cluster is determined to be secure if the jdbc string includes {{Principal}}
/ {{Keytab}} and it does a UGI login. Can this be changed to also include
whether the property {{hadoop.security.authentication}} set to {{true}} for e.g
in the properties passed to create the connection. If set to {{true}} and
{{principal/keytab}} is not passed in the connection string then try to use the
logged in user's Kerberos ticket to create the connection.
BTW. If one creates a {{site.xml}} with this property alone and include it in
the classpath of the code making the jdbc connection to Phoenix, the connection
is successful which satisfies this requirement in a indirect way. But would be
good to accept this property setting through the props to the connection so
that no {{site.xml}} need to be maintained by the user.
was (Author: gsbiju):
In the current {{Phoenix}}
[code|https://github.com/apache/phoenix/blob/6195f8e7b5efeecd5c736ba0ef121b706c875d8d/phoenix-core/src/main/java/org/apache/phoenix/jdbc/PhoenixEmbeddedDriver.java#L377],
a cluster is determined to be secure if the jdbc string includes {{Principal}}
/ {{Keytab}} and it does a UGI login. Can this be changed to also include
whether the property {{hadoop.security.authentication}} set to {{true}} for e.g
in the properties passed to create the connection. If set to {{true}} and
{{principal/keytab}} is not passed in the connection string then try to use the
logged in user's Kerberos ticket.
BTW. If one creates a {{site.xml}} with this property alone and include it in
the classpath of the code making the jdbc connection to Phoenix, the connection
is successful which satisfies this requirement in a indirect way. But would be
good to accept this property setting through the props to the connection so
that no {{site.xml}} need to be maintained by the user.
> jdbc connection to secure cluster should be able to use Kerberos ticket of
> user
> -------------------------------------------------------------------------------
>
> Key: PHOENIX-5006
> URL: https://issues.apache.org/jira/browse/PHOENIX-5006
> Project: Phoenix
> Issue Type: Bug
> Reporter: Biju Nair
> Priority: Minor
>
> Currently JDBC connection against a secure Phoenix cluster requires a
> Kerberos principal and keytab to be passed in as part of the connection
> string. But in many instances users may not have a {{Keytab}} especially
> during development. It would be good to support using the logged users
> Kerberos ticket.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
