How can I connect from NIFI to a Kerberos enabled Kudu?
I only see one processor to access Kudu - PutKUDU and it doesn't support Kerberos. I haven't seen anywhere online any discussion regarding connecting to Kudu with Kerberos. Am I missing something?
Thanks!
This is being worked on now and there is a pull request to add support for keberos to PutKudu:
https://github.com/apache/nifi/pull/3279 - NIFI-5984: Enabled Kerberos Authentication for PutKudu
I don't believe there is a way to do it without the work in that pull request.
Related
Hi we're enabling federated authentication in snowflake - that means we'll no longer be allowing using user and password.
Everything that connects to snowflake can use a .pem certificate but looker.
There is no such option, you can either use login/pass or oAuth.
Snowflake support suggested ssh tunnel but I don't see how this might help
Brandon with JumpCloud here — there's actually an ongoing discussion about integrating JumpCloud with Snowflake, in the #sso channel of our public Slack workspace. One admin has achieved success and is offering help. If that sounds relevant, feel free to join in — https://join.slack.com/t/jumpcloudlounge/shared_invite/zt-esobabj4-Ytqy4ZSTo6ZONoALoGHAKA.
Wanted to check if ibm-eventstreams that I can deploy on IBM Cloud Private (ICP) 2.1.0.3, supports Kafka SASL authentication and ACLs applied to specific topics?
I was referring to this developerWorks article about Kafka ACLs:
https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/
Wondering whether it is available and supported with ibm-eventstreams.
If it is supported, are there any changes/enhancements to the ACL support that I see in the above doc? Is there any further documentation available?
Sorry, no - the current Tech Preview doesn't include any security or auth. (We're thinking hard about what the best way to do this would be though!)
I'm leveraging API Connect service on Bluemix and keep facing following issue multiple times so wanted to know, where to go and troubleshoot these sort of issues quickly on Bluemix ? Please let me know if you need any additional details.
Could not process the API request. See the server log for more information, or contact your administrator.
Error ID: 5851d7e30cf27aa48695c426
In addition to this, since we don't have access to runtime component (DataPower) so how to troubleshoot runtime issues ?
Have you tried the Bluemix docs? The API Connect docs include a troubleshooting section. There is also documentation on the DataPower Connector.
I have customized a new LDAP plugin to provide basic Zookeeper Authenication.
some thing like
setAcl /zookeeperPath ldap:<Group>:crwda
and when I check for the znodes
addAuth ldap:<uid>:password
will grant me access to the znodes
I know this can be done using the kerberos. But in my enterprise Linux Auth is doe through sssd. kerberos is not enabled.
I am afraid I have done some customization that should have not been done. Because, I did not get any reference from internet to do it.
If theare are any plugins thats been already used please help.
There are no ldap auth plugin for zookeeper. As zookeeper supports SASL kerberos authentication. But additional ACLs can be set using Active directory or LDAP group permissions. This can be achieved by implementing
org.apache.zookeeper.server.auth.AuthenticationProvider
and settng -D params as
-Dzookeeper.authProvider.1=class.path.to.XyzAuthenticationProvider
Is it possible to have a Java process running on linux access EWS using kerberos only without the need of a pre-defined username/password combination?
My current system architecture consists of a Java process that accesses EWS using a stored username/password combination. Requirement is to ensure that the credentials under which the Java process runs are authenticated on Exchange using Kerberos.
Is it possible to have this setup?
yes, it should be possible to authenticate to EWS using Kerberos. You can Java GSSAPI to get the Kerberos tickets (from the ticket cache or prompt the user). There is a Java GSS Sample program at http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html
Your question seems to be more on what Java can do versus what Exchange/IIS can do. I don't know Java well at all, however I do know EWS and IIS topics well.
Here is something to keep in mind - IIS does the authentication and not EWS. You could do an HTTP GET on a file in a virtual folder on an IIS server to verify that your API works. If you can authenticate to IIS, then EWS should work. Now having said that you also need do consifer access issues - ie impersonation and delegateion - you will need to be sure you have the needed content in the EWS XML and have the correct Exchange settings for Impersonation and correct folder permissions set for delegation.
Yes, it is possible. It is already implemented in "JWebServices for Exchange", Java API for EWS
You ticket a TGT in the ticket cache or a keytab for that account.