BMFH commented on issue #28919:
URL: https://github.com/apache/airflow/issues/28919#issuecomment-1398123889

   @potiuk Thank you for the answer! I guessed that if we did everything exactly as
described in the documentation, it would work. But it seems I was wrong.
   I'm not a developer, I'm just a DevOps engineer and I have no idea how it
should work exactly, but I try to understand the logic.
   
   1. What we have before:
   I added some logging in security.py and I can see that the user variable =
"domain_user_name@KERBEROS-REALM".
   In my case it is
   `янв 20 11:27:29 nginx-test airflow[677767]: [2023-01-20 11:27:29,292] {security.py:418} INFO - !user is Dmitriy.Kondratyev@CORP.mycompany.DIGITAL`
   I tried to add an Airflow user with this username, but it doesn't work.
   
   2. I added your fix and created a user with email =
domain_user_name@KERBEROS-REALM
   It works. The user was authenticated.
   And here we have a little problem. The email domain does not always have the
same name as the kerberos realm.
   
   3. I changed your code to look up by the username parameter.
   `g.user = get_airflow_app().appbuilder.sm.find_user(username=ctx.kerberos_user)`
   I created a user with username "domain_user_name@KERBEROS-REALM" and it works!
   
   So, to make kerberos auth work with the API interface, we need to apply this fix
(with searching by username) and create an Airflow user with
username=domain_user@KERBEROS-REALM.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
