Re: [geomesa-users] kerberos auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [geomesa-users] kerberos auth

From: "Xu (Simon) Chen" <xchenum@xxxxxxxxx>
Date: Fri, 5 Jun 2015 19:02:21 -0400
Delivered-to: geomesa-users@xxxxxxxxxxxxxxxx
List-archive: <https://www.locationtech.org/mhonarc/lists/geomesa-users>
List-help: <mailto:geomesa-users-request@locationtech.org?subject=help>
List-subscribe: <http://www.locationtech.org/mailman/listinfo/geomesa-users>, <mailto:geomesa-users-request@locationtech.org?subject=subscribe>
List-unsubscribe: <http://www.locationtech.org/mailman/options/geomesa-users>, <mailto:geomesa-users-request@locationtech.org?subject=unsubscribe>

Jim,

Sure... I've been reading the code and trying to get a patch going. I'll be happy to send in a pull request at some point.

Before I go too far, how shall we decide to perform kerberos auth instead of password auth? My current plan is to make user and password both optional. And if user is null, AccumuloDataStoreFactory would try to use KerberosToken() instead. Does this make sense, or would you rather pass in a boolean flag, like kerboersAuth, which defaults to false?

Basically with kerberos, there is no need to pass in user/pass - a kerberos ticket (usually stored locally in filename $KRB5CCNAME) is tied to a kerberos principal (user@realm) and can be used for authentication.

Thanks.

-Simon

On Fri, Jun 5, 2015 at 6:18 PM, Jim Hughes <jnh5y@xxxxxxxx> wrote:

Hi Simon,

In general, we do plan to support new Accumulo features such as this. At the minute, it isn't on the our immediate internal development schedule.

That said, if you're willing to share in some of the legwork, we can likely coordinate a branch that will get the ball rolling. If you can help identify some of the config we'd need to pass in (as a replacement for a username/password), we can start to think about would have to change.

Assuming that you are willing to share in some of the development, I'd be happy to see this move along.

Cheers,

Jim

On 06/05/2015 03:28 PM, Xu (Simon) Chen wrote:
Hey folks,

I just converted my accumulo to 1.7 and enabled kerberos auth. Now I need to get geomesa-quickstart to work with kerberos auth.

Currently, it looks like the current AccumuloDataStoreFactory's buildAccumuloConnector function is tied to password auth, at least in rc7_a1.7_h2.5 branch (thanks, Jim!) and master branch.

https://github.com/locationtech/geomesa/blob/master/geomesa-accumulo/geomesa-accumulo-datastore/src/main/scala/org/locationtech/geomesa/accumulo/data/AccumuloDataStoreFactory.scala#L167

https://github.com/locationtech/geomesa/blob/rc7_a1.7_h2.5/geomesa-core/src/main/scala/org/locationtech/geomesa/core/data/AccumuloDataStoreFactory.scala#L167

I am curious if there is any plan to support kerberos auth of accumulo in geomesa.

Thanks.

-Simon
_______________________________________________
geomesa-users mailing list
geomesa-users@xxxxxxxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
http://www.locationtech.org/mailman/listinfo/geomesa-users
_______________________________________________
geomesa-users mailing list
geomesa-users@xxxxxxxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
http://www.locationtech.org/mailman/listinfo/geomesa-users

Follow-Ups:
- Re: [geomesa-users] kerberos auth
  - From: James Hughes

References:
- [geomesa-users] kerberos auth
  - From: Xu (Simon) Chen
- Re: [geomesa-users] kerberos auth
  - From: Jim Hughes

Prev by Date: Re: [geomesa-users] kerberos auth
Next by Date: Re: [geomesa-users] kerberos auth
Previous by thread: Re: [geomesa-users] kerberos auth
Next by thread: Re: [geomesa-users] kerberos auth
Index(es):
- Date
- Thread

Breadcrumbs