[
https://issues.apache.org/jira/browse/PHOENIX-6414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17931489#comment-17931489
]
Istvan Toth commented on PHOENIX-6414:
--------------------------------------
I have dug into SPNEGO some more.
The OID we are using correctly is the correct one; using the Kerberos OID was a
bug.
> Access to Phoenix from Python using SPNEGO
> ------------------------------------------
>
> Key: PHOENIX-6414
> URL: https://issues.apache.org/jira/browse/PHOENIX-6414
> Project: Phoenix
> Issue Type: Bug
> Components: python, queryserver
> Affects Versions: queryserver-6.0.0
> Reporter: Carlos García Montoro
> Assignee: Carlos García Montoro
> Priority: Major
> Labels: patch
> Fix For: queryserver-6.0.0, python-phoenixdb-1.0.1
>
> Attachments: phoenixdb.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> When connecting to Phoenix from Python using "SPNEGO" as the authentication
> mechanism an exception occurs:
> {noformat}
> import phoenixdb
> import phoenixdb.cursor
> database_url = 'http://myphoenixdb:8765/'
> conn = phoenixdb.connect(database_url, autocommit=True,
> authentication="SPNEGO")
> {noformat}
> Causes this exception:
> {noformat}
> >>> conn = phoenixdb.connect(database_url, autocommit=True,
> >>> authentication="SPNEGO")
> venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py:121:
> RuntimeWarning: Unexpected end-group tag: Not all data was converted
> if not err.ParseFromString(message.wrapped_message):
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> File "venv/lib/python3.6/site-packages/phoenixdb/__init__.py", line 121, in
> connect
> return Connection(client, **kwargs)
> File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 53, in
> __init__
> self.open()
> File "venv/lib/python3.6/site-packages/phoenixdb/connection.py", line 98, in
> open
> self._client.open_connection(self._id, info=self._phoenix_props)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 363, in open_connection
> response_data = self._apply(request)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 215, in _apply
> parse_error_protobuf(response_body)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 128, in parse_error_protobuf
> raise_sql_error(err.error_code, err.sql_state, err.error_message)
> File "venv/lib/python3.6/site-packages/phoenixdb/avatica/client.py", line
> 96, in raise_sql_error
> raise errors.InternalError(message, code, sqlstate)
> phoenixdb.errors.InternalError: ('', 0, '', None)
> {noformat}
> This problem is caused by the authentication mechanism because phoenixdb is
> using Kerberos 5 instead of SPNEGO.
> To resolve the issue we have patched the package applying the idea behind the
> "Explicit Mechanism" described in [https://pypi.org/project/requests-gssapi/]
> when the authentication is SPNEGO. The attached file has the patch applied.
> If you want, I can create a branch and pull request this change.
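To confirm which mechanism a client really puts on the wire, the OID that frames the `Authorization: Negotiate` token can be read directly. The following is an added example, not code from phoenixdb or the attached patch; the function names are hypothetical and the two sample headers are constructed with a dummy inner token.

```python
import base64
MECHS = {"1.3.6.1.5.5.2": "SPNEGO", "1.2.840.113554.1.2.2": "Kerberos 5"}

def _der_len(buf, pos):  # -> (length, position after the length octets)
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _oid_to_str(body):
    """Decode the content octets of a DER OBJECT IDENTIFIER."""
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if b & 0x80:          # continuation bit: arc continues
            continue
        if not arcs:          # first group packs the first two arcs
            first = min(val // 40, 2)
            arcs += [first, val - 40 * first]
        else:
            arcs.append(val)
        val = 0
    return ".".join(map(str, arcs))

def negotiate_mechanism(header_value):
    """Return (oid, name) of the mechanism framing a Negotiate token."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        raise ValueError("not a Negotiate header")
    tok = base64.b64decode(b64, validate=True)
    try:
        _, pos = _der_len(tok, 1)
        if tok[0] != 0x60 or tok[pos] != 0x06:  # [APPLICATION 0], then OID tag
            raise ValueError("not a GSS-API initial context token")
        oid_len, pos = _der_len(tok, pos + 1)
    except IndexError:
        raise ValueError("truncated token") from None
    oid = _oid_to_str(tok[pos:pos + oid_len])
    return oid, MECHS.get(oid, "unknown")

def _hdr(hex_framing):  # constructed sample: framing + OID + 8 dummy inner bytes
    return "Negotiate " + base64.b64encode(bytes.fromhex(hex_framing + "00" * 8)).decode()
SPNEGO_HDR = _hdr("601006062b0601050502")
KRB5_HDR = _hdr("601306092a864886f712010202")
```

Only the outer framing OID is read here; a SPNEGO token normally still lists Kerberos 5 inside its mechTypes, so finding that OID deeper in the token does not by itself indicate the bug.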