When I remove the SPNEGO properties and set the krb5 file # kerberos # nifi.kerberos.krb5.file=/etc/krb5.conf
020-12-14 10:09:44,477 WARN [NiFi Web Server-19] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning Conflict response. java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi. Also threw exception about OpenID Connect not configured. Nifi 1.11.4 ________________________________ From: Darren Govoni <dar...@ontrenet.com> Sent: Monday, December 14, 2020 10:00 AM To: users@nifi.apache.org <users@nifi.apache.org> Subject: Re: Secure Mode & Kerberos Hi Bryan I did do that but still got the warning/error. But I will go back and verify this. Darren Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android<https://aka.ms/ghei36> ________________________________ From: Bryan Bende <bbe...@gmail.com> Sent: Monday, December 14, 2020 9:37:33 AM To: users@nifi.apache.org <users@nifi.apache.org> Subject: Re: Secure Mode & Kerberos You don't need to have NiFi secured with Kerberos in order to use HDFS processors talking to kerberized HDFS. You just need to specify the krb5.conf in nifi.properties, and you need to provide the HDFS processors with a core-site.xml that has security set to kerberos. On Mon, Dec 14, 2020 at 9:28 AM Darren Govoni <dar...@ontrenet.com> wrote: > > Hi, > I want to test the HDFS processors using Kerberos, but they trigger a > warning saying Nifi is not running in secure mode, so it ignores kerberos. > > In order to get Nifi into secure mode I had to enable SPNEGO which it seems > to want a kerberos header to allow me into the app now. > > Is there a way to allow processors to run securely with kerberos without > having to auth myself into the app via kerberos? Which I'm not sure how to do. > > Darren > > PS. I do have a Apache Kerby KDC running locally if that can help me auth > into Nifi.
