phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-4688) Add kerberos authentication to python-phoenixdb
Date Fri, 13 Jul 2018 17:27:00 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-4688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16543479#comment-16543479
] 

ASF GitHub Bot commented on PHOENIX-4688:
-----------------------------------------

Github user joshelser commented on the issue:

    https://github.com/apache/phoenix/pull/307
  
    Turning back on `KRB5_TRACE`...
    ```
    DEBUG:phoenixdb.avatica.client:POST http://localhost:60358/ '\n?org.apache.calcite.avatica.proto.Requests$OpenConnectionRequest\x12&\n$386e3317-e23e-4a0e-9fc6-2efaa546ffc4'
{'content-type': 'application/x-google-protobuf'}
    DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:60358
    send: 'POST / HTTP/1.1\r\nHost: localhost:60358\r\nConnection: keep-alive\r\nAccept-Encoding:
gzip, deflate\r\nAccept: */*\r\nUser-Agent: python-requests/2.19.1\r\ncontent-type: application/x-google-protobuf\r\nContent-Length:
105\r\n\r\n\n?org.apache.calcite.avatica.proto.Requests$OpenConnectionRequest\x12&\n$386e3317-e23e-4a0e-9fc6-2efaa546ffc4'
    reply: 'HTTP/1.1 401 Unauthorized\r\n'
    header: Date: Fri, 13 Jul 2018 17:23:46 GMT
    header: WWW-Authenticate: Negotiate
    header: Cache-Control: must-revalidate,no-cache,no-store
    header: Content-Type: text/html; charset=ISO-8859-1
    header: Content-Length: 281
    header: Server: Jetty(9.2.19.v20160908)
    DEBUG:urllib3.connectionpool:http://localhost:60358 "POST / HTTP/1.1" 401 281
    DEBUG:requests_kerberos.kerberos_:handle_401(): Handling: 401
    [28575] 1531502626.856661: ccselect module realm chose cache FILE:/tmp/krb5cc_502 with
client principal user1@EXAMPLE.COM for server principal HTTP/localhost@EXAMPLE.COM
    [28575] 1531502626.856662: Getting credentials user1@EXAMPLE.COM -> HTTP/localhost@
using ccache FILE:/tmp/krb5cc_502
    [28575] 1531502626.856663: Retrieving user1@EXAMPLE.COM -> HTTP/localhost@ from FILE:/tmp/krb5cc_502
with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_502)
    [28575] 1531502626.856664: Retrying user1@EXAMPLE.COM -> HTTP/localhost@EXAMPLE.COM
with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_502)
    [28575] 1531502626.856665: Server has referral realm; starting with HTTP/localhost@EXAMPLE.COM
    [28575] 1531502626.856666: Retrieving user1@EXAMPLE.COM -> krbtgt/EXAMPLE.COM@EXAMPLE.COM
from FILE:/tmp/krb5cc_502 with result: 0/Success
    [28575] 1531502626.856667: Starting with TGT for client realm: user1@EXAMPLE.COM ->
krbtgt/EXAMPLE.COM@EXAMPLE.COM
    [28575] 1531502626.856668: Requesting tickets for HTTP/localhost@EXAMPLE.COM, referrals
on
    [28575] 1531502626.856669: Generated subkey for TGS request: aes128-cts/86C4
    [28575] 1531502626.856670: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2,
aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
    [28575] 1531502626.856672: Encoding request body and padata into FAST request
    [28575] 1531502626.856673: Sending request (807 bytes) to EXAMPLE.COM
    [28575] 1531502626.856674: Resolving hostname localhost
    [28575] 1531502626.856675: Initiating TCP connection to stream ::1:60299
    [28575] 1531502626.856676: Terminating TCP connection to stream ::1:60299
    [28575] 1531502626.856677: Initiating TCP connection to stream 127.0.0.1:60299
    [28575] 1531502626.856678: Sending TCP request to stream 127.0.0.1:60299
    [28575] 1531502626.856679: Received answer (119 bytes) from stream 127.0.0.1:60299
    [28575] 1531502626.856680: Terminating TCP connection to stream 127.0.0.1:60299
    [28575] 1531502626.856681: Sending DNS URI query for _kerberos.EXAMPLE.COM.
    [28575] 1531502626.856682: No URI records found
    [28575] 1531502626.856683: Sending DNS SRV query for _kerberos-master._udp.EXAMPLE.COM.
    [28575] 1531502626.856684: Sending DNS SRV query for _kerberos-master._tcp.EXAMPLE.COM.
    [28575] 1531502626.856685: No SRV records found
    [28575] 1531502626.856686: Response was not from master KDC
    [28575] 1531502626.856687: TGS request result: -1765328343/Message stream modified
    [28575] 1531502626.856688: Requesting tickets for HTTP/localhost@EXAMPLE.COM, referrals
off
    [28575] 1531502626.856689: Generated subkey for TGS request: aes128-cts/F96F
    [28575] 1531502626.856690: etypes requested in TGS request: aes256-cts, aes128-cts, aes256-sha2,
aes128-sha2, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts
    [28575] 1531502626.856692: Encoding request body and padata into FAST request
    [28575] 1531502626.856693: Sending request (807 bytes) to EXAMPLE.COM
    [28575] 1531502626.856694: Resolving hostname localhost
    [28575] 1531502626.856695: Initiating TCP connection to stream ::1:60299
    [28575] 1531502626.856696: Terminating TCP connection to stream ::1:60299
    [28575] 1531502626.856697: Initiating TCP connection to stream 127.0.0.1:60299
    [28575] 1531502626.856698: Sending TCP request to stream 127.0.0.1:60299
    [28575] 1531502626.856699: Received answer (119 bytes) from stream 127.0.0.1:60299
    [28575] 1531502626.856700: Terminating TCP connection to stream 127.0.0.1:60299
    [28575] 1531502626.856701: Sending DNS URI query for _kerberos.EXAMPLE.COM.
    [28575] 1531502626.856702: No URI records found
    [28575] 1531502626.856703: Sending DNS SRV query for _kerberos-master._udp.EXAMPLE.COM.
    [28575] 1531502626.856704: Sending DNS SRV query for _kerberos-master._tcp.EXAMPLE.COM.
    [28575] 1531502626.856705: No SRV records found
    [28575] 1531502626.856706: Response was not from master KDC
    [28575] 1531502626.856707: TGS request result: -1765328343/Message stream modified
    ERROR:requests_kerberos.kerberos_:generate_request_header(): authGSSClientStep() failed:
    Traceback (most recent call last):
      File "/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
        negotiate_resp_value)
    GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968),
('Message stream modified', 100001))
    ERROR:requests_kerberos.kerberos_:(('Unspecified GSS failure.  Minor code may provide
more information', 851968), ('Message stream modified', 100001))
    Traceback (most recent call last):
      File "/Users/jelser/projects/phoenix.git/python/requests-kerberos/requests_kerberos/kerberos_.py",
line 235, in generate_request_header
        negotiate_resp_value)
    GSSError: (('Unspecified GSS failure.  Minor code may provide more information', 851968),
('Message stream modified', 100001))
    ```
    
    So, definitely the KDC throwing a fit and telling us to go away: `[28575] 1531502626.856707:
TGS request result: -1765328343/Message stream modified`


> Add kerberos authentication to python-phoenixdb
> -----------------------------------------------
>
>                 Key: PHOENIX-4688
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-4688
>             Project: Phoenix
>          Issue Type: Improvement
>            Reporter: Lev Bronshtein
>            Priority: Minor
>
> In its current state python-phoenixdv does not support support kerberos authentication. 
Using a modern python http library such as requests or urllib it would be simple (if not trivial)
to add this support.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message