[I] [FEATURE] Support login from a proxy user [kyuubi]

Thu, 12 Oct 2023 22:14:57 -0700 


gabrywu opened a new issue, #5411:
URL: https://github.com/apache/kyuubi/issues/5411

   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of 
Conduct](https://www.apache.org/foundation/policies/conduct)
   
   
   ### Search before asking
   
   - [X] I have searched in the 
[issues](https://github.com/apache/kyuubi/issues?q=is%3Aissue) and found no 
similar issues.
   
   
   ### Describe the feature
   
   As of now, kyuubi get subject like this.
   
   ```java
     private Subject createSubject() {
       if (isKeytabAuthMode()) {
         String principal = sessConfMap.get(AUTH_KYUUBI_CLIENT_PRINCIPAL);
         String keytab = sessConfMap.get(AUTH_KYUUBI_CLIENT_KEYTAB);
         return 
KerberosAuthenticationManager.getKeytabAuthentication(principal, 
keytab).getSubject();
       } else if (isFromSubjectAuthMode()) {
         AccessControlContext context = AccessController.getContext();
         return Subject.getSubject(context);
       } else if (isTgtCacheAuthMode()) {
         return 
KerberosAuthenticationManager.getTgtCacheAuthentication().getSubject();
       } else {
         // This should never happen
         throw new IllegalArgumentException("Unsupported auth mode");
       }
     }
   ```
   However when isFromSubjectAuthMode is true, it doesn't check if current 
subject has any credentials. We'd better double-check that if possible.
   
   If current subject doesn't have any credentials, we'd better use left auth 
mode to get subject, such as TgtCacheAuthMode
   
   ### Motivation
   
   _No response_
   
   ### Describe the solution
   
   _No response_
   
   ### Additional context
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes. I would be willing to submit a PR with guidance from the Kyuubi 
community to improve.
   - [X] No. I cannot submit a PR at this time.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to