[jira] [Commented] (CALCITE-1214) Support url-based kerberos login
[ https://issues.apache.org/jira/browse/CALCITE-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15262743#comment-15262743 ] Josh Elser commented on CALCITE-1214: - bq. How do you know that renewal threads get closed? Should Avatica be using an execution service for this kind of stuff, so we can use a small thread pool for everything? Drat. My thought process was that closing the AvaticaConnection should also stop this thread (since the provided credentials are limited to the HttpClient which is contained by a RemoteService which is contained by the Connection instance. I forgot to connect this up. bq. instances of AvaticaConnection, RemoteMeta, KerberosUtil (aka KerberosConnection) and Service are in one-to-one (possibly optional one-to-one) correspondence. If that is the case, they should all be able to find out about each other, even though currently the "arrows" may point in the wrong direction. I have sort of started a precedent of using the AvaticaConnection instance as the "discovery" point for this. While I don't necessarily like it, I always don't want to commit to a re-work of this all before an avatica-1.8.0. How do you feel about a bookmark to revisit this topic (proper ordering/construction/sharing of objects used by an AvaticaConnection)? > Support url-based kerberos login > > > Key: CALCITE-1214 > URL: https://issues.apache.org/jira/browse/CALCITE-1214 > Project: Calcite > Issue Type: Improvement > Components: avatica >Reporter: Josh Elser >Assignee: Josh Elser > Fix For: avatica-1.8.0 > > > I was talking with someone today about JDBC drivers in BI-tools/app-servers > which reminded me about the general guidance to "make your driver work with a > jar and a JDBC url". > With the work I added recently to support client authentication with > Kerberos, I wrote it under the expectation that clients are already logged in > via a ticket cache (and have the appropriate system properties or environment > variables set to point at the ticket cache). This doesn't jive with the > original "jar and url" notion. > It should be pretty easy to support a principal and keytab property to enable > these types of environments. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CALCITE-1214) Support url-based kerberos login
[ https://issues.apache.org/jira/browse/CALCITE-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15262692#comment-15262692 ] Julian Hyde commented on CALCITE-1214: -- Regarding services. It seems to me that instances of AvaticaConnection, RemoteMeta, KerberosUtil (aka KerberosConnection) and Service are in one-to-one (possibly optional one-to-one) correspondence. If that is the case, they should all be able to find out about each other, even though currently the "arrows" may point in the wrong direction. > Support url-based kerberos login > > > Key: CALCITE-1214 > URL: https://issues.apache.org/jira/browse/CALCITE-1214 > Project: Calcite > Issue Type: Improvement > Components: avatica >Reporter: Josh Elser >Assignee: Josh Elser > Fix For: avatica-1.8.0 > > > I was talking with someone today about JDBC drivers in BI-tools/app-servers > which reminded me about the general guidance to "make your driver work with a > jar and a JDBC url". > With the work I added recently to support client authentication with > Kerberos, I wrote it under the expectation that clients are already logged in > via a ticket cache (and have the appropriate system properties or environment > variables set to point at the ticket cache). This doesn't jive with the > original "jar and url" notion. > It should be pretty easy to support a principal and keytab property to enable > these types of environments. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CALCITE-1214) Support url-based kerberos login
[ https://issues.apache.org/jira/browse/CALCITE-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15262676#comment-15262676 ] Josh Elser commented on CALCITE-1214: - bq. I think you need to rename KerberosUtility. Utilities don't have state, whereas KerberosUtility has mutable state and presumably thread-safety issues if it is used wrongly. KerberosConnection might be more fitting. Good point. It was once a static class without state. Will modify. Thanks for looking! > Support url-based kerberos login > > > Key: CALCITE-1214 > URL: https://issues.apache.org/jira/browse/CALCITE-1214 > Project: Calcite > Issue Type: Improvement > Components: avatica >Reporter: Josh Elser >Assignee: Josh Elser > Fix For: avatica-1.8.0 > > > I was talking with someone today about JDBC drivers in BI-tools/app-servers > which reminded me about the general guidance to "make your driver work with a > jar and a JDBC url". > With the work I added recently to support client authentication with > Kerberos, I wrote it under the expectation that clients are already logged in > via a ticket cache (and have the appropriate system properties or environment > variables set to point at the ticket cache). This doesn't jive with the > original "jar and url" notion. > It should be pretty easy to support a principal and keytab property to enable > these types of environments. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CALCITE-1214) Support url-based kerberos login
[ https://issues.apache.org/jira/browse/CALCITE-1214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15262669#comment-15262669 ] Julian Hyde commented on CALCITE-1214: -- I think you need to rename KerberosUtility. Utilities don't have state, whereas KerberosUtility has mutable state and presumably thread-safety issues if it is used wrongly. KerberosConnection might be more fitting. > Support url-based kerberos login > > > Key: CALCITE-1214 > URL: https://issues.apache.org/jira/browse/CALCITE-1214 > Project: Calcite > Issue Type: Improvement > Components: avatica >Reporter: Josh Elser >Assignee: Josh Elser > Fix For: avatica-1.8.0 > > > I was talking with someone today about JDBC drivers in BI-tools/app-servers > which reminded me about the general guidance to "make your driver work with a > jar and a JDBC url". > With the work I added recently to support client authentication with > Kerberos, I wrote it under the expectation that clients are already logged in > via a ticket cache (and have the appropriate system properties or environment > variables set to point at the ticket cache). This doesn't jive with the > original "jar and url" notion. > It should be pretty easy to support a principal and keytab property to enable > these types of environments. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
