calcite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <>
Subject Re: When connect to PQS thin client through proxy server using spnego.
Date Mon, 06 Mar 2017 19:06:39 GMT
You don't (typically) :)

The thin client needs to authenticate to the proxy server and then the 
proxy server would perform the SPNEGO authentication as itself to the 
backend server (PQS).

One of the perks of using a proxy server like this is that you can use a 
very simple authentication method to the proxy server (HTTP BASIC auth) 
instead of SPNEGO (which is much more error-prone).

Assuming your situation hasn't changed, this would be some amount of 
configuration of Apache Knox to authenticate to PQS and "impersonate" 
you. This might be dependent on some Knox work (configuration, if 
nothing else), maybe also on your patch from CALCITE-1539.

Shi Wang wrote:
> Hi,
> Normally if I use PQS thin client SPNEGO authentication, just need to
> specify keytab and principal in the query string. But if before reaching
> PQS, need to do Basic auth to a proxy server. How do I encapsulate both
> the credential for Basic auth and the SPNEGO credential?
> Best,
> Shi

View raw message