phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From joshelser <...@git.apache.org>
Subject [GitHub] phoenix issue #307: PHOENIX-4688 Kerberize python phoenixdb
Date Fri, 13 Jul 2018 17:23:09 GMT
Github user joshelser commented on the issue:

    https://github.com/apache/phoenix/pull/307
  
    Ok, where I'm at now:
    * Python 2.7.15 (installed via pyenv)
    * Using virtualenv to circumvent the .sh script
    * Modified the junit test to just leave it running
    * Modified the junit test to just use the minikdc's kdc.conf
    * Pulled back the pykerberos dependency to 1.1.14 to get past an "illegal instruction
error" that I get with pykerberos-1.2.1 (or whatever pip found)
    
    This gets the phoenixdb client to actually submit the initial POST and get the `WWW-Authenticate:
Negotiate` header back. However, my client seems to be unable to generate its challenge data
from our mini kdc:
    ```
    DEBUG:phoenixdb.avatica.client:POST http://localhost:60358/ '\n@org.apache.calcite.avatica.proto.Requests$CloseConnectionRequest\x12&\n$f71fb5c5-a814-4766-9691-8aeddfc0eea4'
{'content-type': 'application/x-google-protobuf'}
    DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:60358
    send: 'POST / HTTP/1.1\r\nHost: localhost:60358\r\nConnection: keep-alive\r\nAccept-Encoding:
gzip, deflate\r\nAccept: */*\r\nUser-Agent: python-requests/2.19.1\r\ncontent-type: application/x-google-protobuf\r\nContent-Length:
106\r\n\r\n\n@org.apache.calcite.avatica.proto.Requests$CloseConnectionRequest\x12&\n$f71fb5c5-a814-4766-9691-8aeddfc0eea4'
    reply: 'HTTP/1.1 401 Unauthorized\r\n'
    header: Date: Fri, 13 Jul 2018 17:06:02 GMT
    header: WWW-Authenticate: Negotiate
    header: Cache-Control: must-revalidate,no-cache,no-store
    header: Content-Type: text/html; charset=ISO-8859-1
    header: Content-Length: 281
    header: Server: Jetty(9.2.19.v20160908)
    DEBUG:urllib3.connectionpool:http://localhost:60358 "POST / HTTP/1.1" 401 281
    DEBUG:requests_kerberos.kerberos_:handle_401(): Handling: 401
    ERROR:requests_kerberos.kerberos_:generate_request_header(): authGSSClientStep() failed:
    Traceback (most recent call last):
      File "/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
        negotiate_resp_value)
    GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968),
('Message stream modified', 100001))
    ERROR:requests_kerberos.kerberos_:(('Unspecified GSS failure.  Minor code may provide
more information', 851968), ('Message stream modified', 100001))
    Traceback (most recent call last):
      File "/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
        negotiate_resp_value)
    GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968),
('Message stream modified', 100001))
    ```
    I can't seem to unwrap what's wrong with the request to the KDC which is preventing that
from happening. Need to find more debug...


---

Mime
View raw message