[
https://issues.apache.org/jira/browse/PHOENIX-4688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16636113#comment-16636113
]
Josh Elser commented on PHOENIX-4688:
-------------------------------------
{noformat}
+ python
/Users/jelser/projects/phoenix.git/phoenix-queryserver/./src/it/bin/test_phoenixdb.py
51475
CREATING PQS CONNECTION
DEBUG:phoenixdb.avatica.client:Sending request
connection_id: "8a638e07-34cb-4d05-acfa-0dc9970e2522"
DEBUG:phoenixdb.avatica.client:POST http://localhost:51475/
b'\n?org.apache.calcite.avatica.proto.Requests$OpenConnectionRequest\x12&\n$8a638e07-34cb-4d05-acfa-0dc9970e2522'
{'content-type': 'application/x-google-protobuf'}
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:51475
DEBUG:urllib3.connectionpool:http://localhost:51475 "POST / HTTP/1.1" 401 320
DEBUG:requests_kerberos.kerberos_:handle_401(): Handling: 401
[4684] 1538514004.487266: ccselect module realm chose cache
FILE:/tmp/krb5cc_502 with client principal [email protected] for server
principal HTTP/[email protected]
[4684] 1538514004.487267: Getting credentials [email protected] ->
HTTP/localhost@ using ccache FILE:/tmp/krb5cc_502
[4684] 1538514004.487268: Retrieving [email protected] -> HTTP/localhost@ from
FILE:/tmp/krb5cc_502 with result: -1765328243/Matching credential not found
(filename: /tmp/krb5cc_502)
[4684] 1538514004.487269: Retrying [email protected] ->
HTTP/[email protected] with result: -1765328243/Matching credential not
found (filename: /tmp/krb5cc_502)
[4684] 1538514004.487270: Server has referral realm; starting with
HTTP/[email protected]
[4684] 1538514004.487271: Retrieving [email protected] ->
krbtgt/[email protected] from FILE:/tmp/krb5cc_502 with result: 0/Success
[4684] 1538514004.487272: Starting with TGT for client realm: [email protected]
-> krbtgt/[email protected]
[4684] 1538514004.487273: Requesting tickets for HTTP/[email protected],
referrals on
[4684] 1538514004.487274: Generated subkey for TGS request: aes128-cts/A291
[4684] 1538514004.487275: etypes requested in TGS request: aes256-cts,
aes128-cts, aes256-sha2, aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts,
camellia256-cts
[4684] 1538514004.487277: Encoding request body and padata into FAST request
[4684] 1538514004.487278: Sending request (812 bytes) to EXAMPLE.COM
[4684] 1538514004.487279: Resolving hostname tcp/localhost
ERROR:requests_kerberos.kerberos_:generate_request_header():
authGSSClientStep() failed:
Traceback (most recent call last):
File
"/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
negotiate_resp_value)
kerberos.GSSError: (('Unspecified GSS failure. Minor code may provide more
information', 851968), ("Cannot contact any KDC for realm 'EXAMPLE.COM'",
100001))
ERROR:requests_kerberos.kerberos_:(('Unspecified GSS failure. Minor code may
provide more information', 851968), ("Cannot contact any KDC for realm
'EXAMPLE.COM'", 100001))
Traceback (most recent call last):
File
"/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
negotiate_resp_value)
kerberos.GSSError: (('Unspecified GSS failure. Minor code may provide more
information', 851968), ("Cannot contact any KDC for realm 'EXAMPLE.COM'",
100001))
{noformat}
Re-running this on the command line by hand, we hang at the "Resolving hostname
tcp/localhost" line (which feels like the a DNS timeout looking for a system
with the hostname of "tcp/localhost" instead of just localhost). Makes me think
that my Python library isn't correctly handling this syntax (but Heimdal's
kinit is). No clue yet why I'm only seeing this..
> Add kerberos authentication to python-phoenixdb
> -----------------------------------------------
>
> Key: PHOENIX-4688
> URL: https://issues.apache.org/jira/browse/PHOENIX-4688
> Project: Phoenix
> Issue Type: Improvement
> Reporter: Lev Bronshtein
> Priority: Minor
>
> In its current state python-phoenixdv does not support support kerberos
> authentication. Using a modern python http library such as requests or
> urllib it would be simple (if not trivial) to add this support.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
