[ https://issues.apache.org/jira/browse/NIFI-5041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435788#comment-16435788 ]
ASF GitHub Bot commented on NIFI-5041: -------------------------------------- Github user peter-toth commented on a diff in the pull request: https://github.com/apache/nifi/pull/2630#discussion_r181127144 --- Diff: pom.xml --- @@ -94,6 +94,7 @@ <org.slf4j.version>1.7.25</org.slf4j.version> <ranger.version>0.7.1</ranger.version> <jetty.version>9.4.3.v20170317</jetty.version> + <httpclient.version>4.5.5</httpclient.version> --- End diff -- I'm not sure I got this issue right. I removed this property and replaced it to a direct version specification where it was used. Is that enough? > Add convenient SPNEGO/Kerberos authentication support to LivySessionController > ------------------------------------------------------------------------------ > > Key: NIFI-5041 > URL: https://issues.apache.org/jira/browse/NIFI-5041 > Project: Apache NiFi > Issue Type: Improvement > Affects Versions: 1.5.0 > Reporter: Peter Toth > Priority: Minor > > Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating > such an authentication from NiFi is a viable by providing a > java.security.auth.login.config system property > (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html), > but this is a bit cumbersome and needs kinit running outside of NiFi. > An alternative and more sophisticated solution would be to do the SPNEGO > negotiation programmatically. > * This solution would add some new properties to the LivySessionController > to fetch kerberos principal and password/keytab > * Add the required HTTP Negotiate header (with an SPNEGO token) to the > HttpURLConnection to do the authentication programmatically > (https://tools.ietf.org/html/rfc4559) -- This message was sent by Atlassian JIRA (v7.6.3#76005)