nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Bende <bbe...@gmail.com>
Subject Re: NIFI Multiple Kerberos configuration
Date Fri, 22 Jun 2018 14:37:44 GMT
Java assumes there is one krb5.conf file loaded by the JVM. It looks
for the system property java.security.krb5.conf or falls back to
looking in well-known locations, but still only expects one [1].

NiFi requires you to set the location in nifi.properties and uses that
value to set the system property above.

There may be a way to create a single krb5.conf with multiple KDCs,
but I'm not sure exactly how to do it.

[1] https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html

On Fri, Jun 22, 2018 at 10:10 AM, Milan Das <mdas@interset.com> wrote:
> The problem is krb5.conf. There are two different krb5.conf with two different kdc server.
> Regards,
> Milan Das
>
> ´╗┐On 6/22/18, 2:04 AM, "Koji Kawamura" <ijokarumawak@gmail.com> wrote:
>
>     Hi Milan,
>
>     I haven't tried myself, but since NiFi has Kerberos configuration per
>     Processor instance, e.g. ListHDFS or PutHDFS, NiFi should be able to
>     connect multiple Hadoop clusters accessed by different Kerberos principals
>     and keytabs. Principals must resolve domain (realm) correctly, if both
>     Hadoop cluster use the same domain such as 'EXAMPLE.COM', then it will be
>     problematic for NiFi to find the right KDC server.
>
>     Thanks,
>     Koji
>
>     On Fri, Jun 22, 2018 at 12:23 AM, Milan Das <mdas@interset.com> wrote:
>
>     > Hello Team,
>     >
>     > I have very unique problem. We are integration two kerberized haddop
>     > system and they have their own Kerbros setup.
>     >
>     > Is it possible to two Kerberos kdc configurations in NIFI ? Integration is
>     > Kafka from one Hadoop to Kafka on 2nd Hadoop.
>     >
>     > Really appreciate any thoughts.
>     >
>     >
>     >
>     > Regards,
>     >
>     > Milan Das
>     >
>     >
>     >
>     > [image: ograph]
>     >
>     > *Milan Das*
>     > Sr. System Architect
>     >
>     > email: mdas@interset.com
>     > mobile: +1 678 216 5660
>     >
>     > [image: edIn icon] <https://www.linkedin.com/in/milandas/>
>     >
>     > www.interset.com
>     >
>     >
>     >
>     >
>     >
>
>
>

Mime
View raw message