nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Villard <pierre.villard...@gmail.com>
Subject Re: Keytab Configuration for Nifi processor
Date Fri, 09 Jun 2017 12:20:36 GMT
You're right, I thought I already did it this way but just tried again and
it does not work. My bad.
Your best option is to use a dedicated keytab (not a service keytab),
that's the best practice to manage authorizations properly.
But NiFi could certainly be improved to accept _HOST pattern as it's done
in other tools.

2017-06-09 12:49 GMT+02:00 Shashi Vishwakarma <shashi.vish123@gmail.com>:

> PutHDFS processor does not resolves hostname when I pass nifi/_HOST@REALM.
> Anyone way to configure it ?
>
> On Fri, Jun 9, 2017 at 10:52 AM, Shashi Vishwakarma <
> shashi.vish123@gmail.com> wrote:
>
>> Hi
>>
>> Above solution did not worked. In log I can see that Kerberos error as
>> "Unable to obtain password".  Nifi is not able to resolve _HOST value .
>>
>> Thanks
>> Shashi
>>
>> On Thu, Jun 8, 2017 at 9:10 PM, Pierre Villard <
>> pierre.villard.fr@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Using nifi/_HOST@REALM
>>> should resolve your problem.
>>>
>>> Hope this helps.
>>>
>>>
>>> 2017-06-08 22:00 GMT+02:00 Shashi Vishwakarma <shashi.vish123@gmail.com>
>>> :
>>>
>>>> Hi
>>>>
>>>> I have Nifi 3 node cluster (Installed Via Hortonworks Data Flow - HDF )
>>>> in Kerborized environment. As part of installation Ambari has created nifi
>>>> service keytab .
>>>>
>>>> Can I use this nifi.service.keytab for configuring processors like
>>>> PutHDFS who talks to Hadoop services ?
>>>>
>>>> The nifi.service.keytab is machine specific and always expect principal
>>>> names with machine information. ex nifi/HOSTNAME@REALM
>>>>
>>>> If I configure my Processor with nfii/NODE1_Hostname@REALM information
>>>> then I see kerberos authentication exception in other two nodes.
>>>>
>>>> How do I dynamically resolve hostname to use nifi service  keytab  ?
>>>>
>>>> Thanks
>>>> Shashi
>>>>
>>>
>>>
>>
>

Mime
View raw message