Re: Secure Mode & Kerberos

2020-12-14 Thread Darren Govoni
I see. Thank you. From: Bryan Bende Sent: Monday, December 14, 2020 2:26:54 PM To: users@nifi.apache.org Subject: Re: Secure Mode & Kerberos It refers to what I said

Re: Secure Mode & Kerberos

2020-12-14 Thread Bryan Bende
It refers to what I said earlier about providing a core-site.xml to the processor that has:

hadoop.security.authentication kerberos

It means the core-site you provided doesn't have that, which indicates HDFS is not kerberized, but you filled in the kerberos properties on the processor,

Re: Secure Mode & Kerberos

2020-12-14 Thread Darren Govoni
Gotcha. Thanks. The only reason I got down this road is because the HDFS processors were logging "Configuration does not have security enabled, keytab and principal will be ignored." Which is a bit vague and left me thinking I needed to run NiFi in secure mode. The processors were configured f

Re: Secure Mode & Kerberos

2020-12-14 Thread Bryan Bende
Ok so you are authenticating with a client cert, so this has nothing to do with kerberos. Put the DN from the client cert as the initial admin in authorizers.xml and it generates the policies in authorizations.xml for you. You likely need to delete users.xml and authorizations.xml in order for it

Re: Secure Mode & Kerberos

2020-12-14 Thread Darren Govoni
I see this error in the browser [inline image] along with the exception in the log: Kerberos ticket login not supported by this NiFi. That is just with adding the /etc/krb5.conf to nifi.properties per your suggestion. I do have a browser cert it prompted me to select.

Re: Secure Mode & Kerberos

2020-12-14 Thread Bryan Bende
I'm confused, how are you trying to authenticate to NiFi and what is the error you are getting in the NiFi UI when you attempt to access it? You said you didn't want to authenticate via kerberos, so the warning should not matter. On Mon, Dec 14, 2020 at 11:26 AM Darren Govoni wrote: > > Thanks

Re: Secure Mode & Kerberos

2020-12-14 Thread Darren Govoni
Thanks Bryan. I'm seeing in AccessResource.java that it will throw this exception if SPNEGO is not configured or keberosService is null, which it is in my NiFi. Doing a quick search for setKeberosService callers doesn't turn anything up in the code. And this exception prevents me accessing the a

Re: Secure Mode & Kerberos

2020-12-14 Thread Bryan Bende
That is just a warning that prints every time you refresh the UI. The UI makes a call to see if SPNEGO is enabled; it shouldn't impact anything. Same case for OIDC. On Mon, Dec 14, 2020 at 10:15 AM Darren Govoni wrote: > > When I remove the SPNEGO properties and set the krb5 file > > # kerberos #

Re: Secure Mode & Kerberos

2020-12-14 Thread Darren Govoni
When I remove the SPNEGO properties and set the krb5 file

# kerberos #
nifi.kerberos.krb5.file=/etc/krb5.conf

020-12-14 10:09:44,477 WARN [NiFi Web Server-19] o.a.n.w.a.c.IllegalStateExceptionMapper java.lang.IllegalStateException: Kerberos ticket login not supported by this NiFi.. Returning C

Re: Secure Mode & Kerberos

2020-12-14 Thread Darren Govoni
Hi Bryan, I did do that but still got the warning/error. But I will go back and verify this. Darren From: Bryan Bende Sent: Monday, December 14, 2020 9:37:33 AM To: u

Re: Secure Mode & Kerberos

2020-12-14 Thread Bryan Bende
You don't need to have NiFi secured with Kerberos in order to use HDFS processors talking to kerberized HDFS. You just need to specify the krb5.conf in nifi.properties, and you need to provide the HDFS processors with a core-site.xml that has security set to kerberos. On Mon, Dec 14, 2020 at 9:28
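
The requirement in this message, and the warning discussed in the later replies, can be checked before starting the processor. The following is an added example, not code from the thread or from NiFi; the function names and sample XML are constructed, and it assumes Hadoop's default of `simple` authentication when the property is absent.

```python
import xml.etree.ElementTree as ET

AUTH_KEY = "hadoop.security.authentication"
WARNING = ("Configuration does not have security enabled, "
           "keytab and principal will be ignored.")

def hadoop_auth_method(core_site_xml: str) -> str:
    """Return the authentication method declared in a core-site.xml string."""
    root = ET.fromstring(core_site_xml)
    method = "simple"  # assumed default when the property is not set
    for prop in root.iter("property"):
        if (prop.findtext("name") or "").strip() == AUTH_KEY:
            # Compare case-insensitively; an empty value falls back to the default.
            method = (prop.findtext("value") or "").strip().lower() or "simple"
    return method

def check_processor(core_site_xml: str, principal: str = "", keytab: str = "") -> str:
    """Classify the combination of core-site.xml and processor Kerberos properties."""
    kerberized = hadoop_auth_method(core_site_xml) == "kerberos"
    has_creds = bool(principal and keytab)
    if kerberized and has_creds:
        return "ok: Kerberos login will be attempted"
    if kerberized:
        return "error: core-site.xml requires Kerberos but principal/keytab are not set"
    if has_creds:
        return "warn: " + WARNING
    return "ok: simple authentication"

# Constructed sample: a core-site.xml for a kerberized cluster.
KERBERIZED = """<configuration>
  <property>
    <name>hadoop.security.authentication</name>
    <value>kerberos</value>
  </property>
</configuration>"""

# Constructed sample: a core-site.xml with no security setting at all.
PLAIN = """<configuration>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://namenode.example:8020</value>
  </property>
</configuration>"""

if __name__ == "__main__":
    creds = {"principal": "nifi@EXAMPLE.COM", "keytab": "/etc/security/nifi.keytab"}
    print(check_processor(KERBERIZED, **creds))
    print(check_processor(PLAIN, **creds))
```

The second case reproduces the situation in the thread: the processor has a principal and keytab, but the supplied core-site.xml does not enable Kerberos, so the credentials are ignored regardless of how NiFi itself is secured.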

Secure Mode & Kerberos

2020-12-14 Thread Darren Govoni
Hi, I want to test the HDFS processors using Kerberos, but they trigger a warning saying NiFi is not running in secure mode, so it ignores kerberos. In order to get NiFi into secure mode I had to enable SPNEGO, which seems to want a kerberos header to allow me into the app now. Is there a w