Re: [geomesa-users] kerberos auth

["James Hughes" <jnh5y@xxxxxxxx>]

Simon,

I think I prefer the first option given the context of Accumulo 1.7.  The PR can go against just that branch.  I'm happy to look at intermediate branches to answer questions or provide feedback.  

In terms of contributing, GeoMesa is open-sourced through the Eclipse Foundation, so you'll need to register for an Eclipse account to sign a contributor license agreement.  I'll try and send along some more details about that off-list.

Thanks in advance for the contribution!  Cheers,

Jim

----- Original Message -----

From:

"Geomesa User discussions" <geomesa-users@xxxxxxxxxxxxxxxx>

To:

"Geomesa User discussions" <geomesa-users@xxxxxxxxxxxxxxxx>

Cc:

Sent:

Fri, 5 Jun 2015 19:02:21 -0400

Subject:

Re: [geomesa-users] kerberos auth

Jim,

Sure... I've been reading the code and trying to get a patch going. I'll be happy to send in a pull request at some point.

Before I go too far, how shall we decide to perform kerberos auth instead of password auth? My current plan is to make user and password both optional. And if user is null, AccumuloDataStoreFactory would try to use KerberosToken() instead. Does this make sense, or would you rather pass in a boolean flag, like kerboersAuth, which defaults to false?

Basically with kerberos, there is no need to pass in user/pass - a kerberos ticket (usually stored locally in filename $KRB5CCNAME) is tied to a kerberos principal (user@realm) and can be used for authentication.

Thanks.

-Simon

On Fri, Jun 5, 2015 at 6:18 PM, Jim Hughes <jnh5y@xxxxxxxx> wrote:

Hi Simon,

In general, we do plan to support new Accumulo features such as this.  At the minute, it isn't on the our immediate internal development schedule. 

That said, if you're willing to share in some of the legwork, we can likely coordinate a branch that will get the ball rolling.  If you can help identify some of the config we'd need to pass in (as a replacement for a username/password), we can start to think about would have to change.

Assuming that you are willing to share in some of the development, I'd be happy to see this move along. 

Cheers,

Jim

On 06/05/2015 03:28 PM, Xu (Simon) Chen wrote:

Hey folks,

I just converted my accumulo to 1.7 and enabled kerberos auth. Now I need to get geomesa-quickstart to work with kerberos auth.

Currently, it looks like the current AccumuloDataStoreFactory's buildAccumuloConnector function is tied to password auth, at least in rc7_a1.7_h2.5 branch (thanks, Jim!) and master branch.

https://github.com/locationtech/geomesa/blob/master/geomesa-accumulo/geomesa-accumulo-datastore/src/main/scala/org/locationtech/geomesa/accumulo/data/AccumuloDataStoreFactory.scala#L167

https://github.com/locationtech/geomesa/blob/rc7_a1.7_h2.5/geomesa-core/src/main/scala/org/locationtech/geomesa/core/data/AccumuloDataStoreFactory.scala#L167

I am curious if there is any plan to support kerberos auth of accumulo in geomesa.

Thanks.

-Simon

_______________________________________________
geomesa-users mailing list
geomesa-users@xxxxxxxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
http://www.locationtech.org/mailman/listinfo/geomesa-users

_______________________________________________
geomesa-users mailing list
geomesa-users@xxxxxxxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
http://www.locationtech.org/mailman/listinfo/geomesa-users