[
https://issues.apache.org/jira/browse/PHOENIX-4688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16543464#comment-16543464
]
ASF GitHub Bot commented on PHOENIX-4688:
-----------------------------------------
Github user joshelser commented on the issue:
https://github.com/apache/phoenix/pull/307
Ok, where I'm at now:
* Python 2.7.15 (installed via pyenv)
* Using virtualenv to circumvent the .sh script
* Modified the junit test to just leave it running
* Modified the junit test to just use the minikdc's kdc.conf
* Pulled back the pykerberos dependency to 1.1.14 to get past an "illegal
instruction error" that I get with pykerberos-1.2.1 (or whatever pip found)
This gets the phoenixdb client to actually submit the initial POST and get
the `WWW-Authenticate: Negotiate` header back. However, my client seems to be
unable to generate its challenge data from our mini kdc:
```
DEBUG:phoenixdb.avatica.client:POST http://localhost:60358/
'\n@org.apache.calcite.avatica.proto.Requests$CloseConnectionRequest\x12&\n$f71fb5c5-a814-4766-9691-8aeddfc0eea4'
{'content-type': 'application/x-google-protobuf'}
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1):
localhost:60358
send: 'POST / HTTP/1.1\r\nHost: localhost:60358\r\nConnection:
keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nUser-Agent:
python-requests/2.19.1\r\ncontent-type:
application/x-google-protobuf\r\nContent-Length:
106\r\n\r\n\n@org.apache.calcite.avatica.proto.Requests$CloseConnectionRequest\x12&\n$f71fb5c5-a814-4766-9691-8aeddfc0eea4'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Date: Fri, 13 Jul 2018 17:06:02 GMT
header: WWW-Authenticate: Negotiate
header: Cache-Control: must-revalidate,no-cache,no-store
header: Content-Type: text/html; charset=ISO-8859-1
header: Content-Length: 281
header: Server: Jetty(9.2.19.v20160908)
DEBUG:urllib3.connectionpool:http://localhost:60358 "POST / HTTP/1.1" 401
281
DEBUG:requests_kerberos.kerberos_:handle_401(): Handling: 401
ERROR:requests_kerberos.kerberos_:generate_request_header():
authGSSClientStep() failed:
Traceback (most recent call last):
File
"/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
negotiate_resp_value)
GSSError: (('Unspecified GSS failure. Minor code may provide more
information', 851968), ('Message stream modified', 100001))
ERROR:requests_kerberos.kerberos_:(('Unspecified GSS failure. Minor code
may provide more information', 851968), ('Message stream modified', 100001))
Traceback (most recent call last):
File
"/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
negotiate_resp_value)
GSSError: (('Unspecified GSS failure. Minor code may provide more
information', 851968), ('Message stream modified', 100001))
```
I can't seem to unwrap what's wrong with the request to the KDC which is
preventing that from happening. Need to find more debug...
> Add kerberos authentication to python-phoenixdb
> -----------------------------------------------
>
> Key: PHOENIX-4688
> URL: https://issues.apache.org/jira/browse/PHOENIX-4688
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Lev Bronshtein
> Priority: Minor
>
> In its current state python-phoenixdv does not support support kerberos
> authentication. Using a modern python http library such as requests or
> urllib it would be simple (if not trivial) to add this support.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
