[jira] [Commented] (NIFI-5041) Add convenient SPNEGO/Kerberos authentication support to LivySessionController

Thu, 31 May 2018 08:09:40 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-5041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16496686#comment-16496686
 ] 

ASF subversion and git services commented on NIFI-5041:
-------------------------------------------------------

Commit a1794b101ea843410606b65bbb75fd8bc87ccd39 in nifi's branch 
refs/heads/master from [~petertoth]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=a1794b1 ]

NIFI-5041: Adds SPNEGO authentication to LivySessionController

NIFI-5041: fixes http client version issue

Change-Id: I1b87ec4752ff6e1603025883a72113919aba5dd4

NIFI-5041: fixes Kerberos configuration

Change-Id: I868fdf3ea7cfd28cf415164e420f23bf3f6eefeb

NIFI-5041: adds new NOTICE entries

NIFI-5041: yields processor if no session is available, fixes error handling in 
session manager thread, fixes error returned in KerberosKeytabSPNegoScheme on 
authentication failure

Change-Id: I443e063ae21c446980087e5464a4b70373d730f6

NIFI-5041: makes the session manager thread exceptions visible to the users

Change-Id: I33fde5df6933cec2a87a4d82e681d4464f21b459

NIFI-5041: adds special SessionManagerException to identify error occurred on 
session manager thread

Change-Id: I25a52c025376a0cd238f14bda533d6f5f3e5fb4a

This closes #2630

Signed-off-by: Matthew Burgess <mattyb...@apache.org>


> Add convenient SPNEGO/Kerberos authentication support to LivySessionController
> ------------------------------------------------------------------------------
>
>                 Key: NIFI-5041
>                 URL: https://issues.apache.org/jira/browse/NIFI-5041
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Peter Toth
>            Priority: Minor
>             Fix For: 1.7.0
>
>
> Livy requires SPNEGO/Kerberos authentication on a secured cluster. Initiating 
> such an authentication from NiFi is a viable by providing a 
> java.security.auth.login.config system property 
> (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/lab/part6.html),
>  but this is a bit cumbersome and needs kinit running outside of NiFi.
> An alternative and more sophisticated solution would be to do the SPNEGO 
> negotiation programmatically.
>  * This solution would add some new properties to the LivySessionController 
> to fetch kerberos principal and password/keytab
>  * Add the required HTTP Negotiate header (with an SPNEGO token) to the 
> HttpURLConnection to do the authentication programmatically 
> (https://tools.ietf.org/html/rfc4559)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to