[
https://issues.apache.org/jira/browse/PHOENIX-6414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309336#comment-17309336
]
Istvan Toth edited comment on PHOENIX-6414 at 3/26/21, 10:34 AM:
-----------------------------------------------------------------
[~scaica] has tested 4.7, 5.0, and 6.0.0-SNAPSHOT, and confirmed that each
works with the SPENGO OID, but 5.0.0 doesn't work the kerberos OID.
was (Author: stoty):
I got another report that the PQS in 5.0.0 doesn't work doesn't work with the
default (kerberos) OID, but works with the SPNEGO OID.
Strangely enough, The 4.7 Queryserver seems to work with both, just like the
6.0.0-SNAPSHOT version.
> Access to Phoenix from Python using SPNEGO
> ------------------------------------------
>
> Key: PHOENIX-6414
> URL: https://issues.apache.org/jira/browse/PHOENIX-6414
> Project: Phoenix
> Issue Type: Bug
> Components: queryserver
> Affects Versions: 5.0.0
> Reporter: Carlos GarcĂa Montoro
> Assignee: Istvan Toth
> Priority: Major
> Labels: patch
> Attachments: phoenixdb.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> When connecting to Phoenix from Python using "SPNEGO" as the authentication
> mechanism an exception occurs:
> {noformat}
> import phoenixdb
> import phoenixdb.cursor
> database_url = 'http://myphoenixdb:8765/'
> conn = phoenixdb.connect(database_url, autocommit=True,
> authentication="SPNEGO")
> {noformat}
> Causes this exception:
> {noformat}
> >>> conn = phoenixdb.connect(database_url, autocommit=True,
> >>> authentication="SPNEGO")
> venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py:121:
> RuntimeWarning: Unexpected end-group tag: Not all data was converted
> if not err.ParseFromString(message.wrapped_message):
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> File "venv/lib/python3.6/site-packages/phoenixdb/_init_.py", line 121, in
> connect
> return Connection(client, **kwargs)
> File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 53, in
> _init_
> self.open()
> File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 98, in
> open
> self._client.open_connection(self._id, info=self._phoenix_props)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 363, in open_connection
> response_data = self._apply(request)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 215, in _apply
> parse_error_protobuf(response_body)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 128, in parse_error_protobuf
> raise_sql_error(err.error_code, err.sql_state, err.error_message)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 96, in raise_sql_error
> raise errors.InternalError(message, code, sqlstate)
> phoenixdb.errors.InternalError: ('', 0, '', None)
> {noformat}
> This problem is caused by the authentication mechanism because phoenixdb is
> using Kerberos 5 instead of SPNEGO.
> To resolve the issue we have patched the package applying the idea behind the
> "Explicit Mechanism" described in [https://pypi.org/project/requests-gssapi/]
> when the authentication is SPNEGO. The attached file has the patch applied.
> If you want, I can create a branch and pull request this change.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
